cyberark defender + sentry Flashcards by lindy chaffee

The vault does not support Role Based Access Control

A. TRUE
B. FALSE

B. FALSE

How well did you know this?

Not at all

Perfectly

The Remote Desktop Services role must be properly licensed by Microsoft.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

One can create exceptions to the Master Policy based on ____________.

A. Safes
B. Platforms
C. Policies
D. Accounts

D. Accounts

How well did you know this?

Not at all

Perfectly

Which of the following statements are NOT true when enabling PSM recording for a target Windows server?

A. The PSM software must be installed on the target server.
B. PSM must be enabled in the Master Policy (either directly, or through exception).
C. PSMConnect must be added as a local user on the target server.
D. RDP must be enabled on the target server.

A. The PSM software must be installed on the target server.

How well did you know this?

Not at all

Perfectly

It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

During LDAP/S integration you should specify the Fully Qualified Domain Name (FQDN) of the Domain Controller.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

Which of the following options is not set in the Master Policy?

A. Password Expiration Time
B. Enabling and Disabling of the Connection Through the PSM
C. Password Complexity
D. The use of One-Time Passwords

C. Password Complexity

How well did you know this?

Not at all

Perfectly

When on-boarding accounts using Accounts Feed, which of the following is true?

A. You must specify an existing Safe where the account will be stored when it is on-boarded to the Vault.
B. You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault.
C. You can specify the name of a new Platform that will be created and associated with the account.
D. Any account that is on-boarded can be automatically reconciled regardless of the platform it is associated with.

C. You can specify the name of a new Platform that will be created and associated with the account.

How well did you know this?

Not at all

Perfectly

PSM captures a record of each command that was issued in SQL Plus.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

The Vault Internal safe contains the configuration for an LDAP integration.

A. TRUE
B. FALSE

B. FALSE

How well did you know this?

Not at all

Perfectly

The Vault Internal safe contains all of the configuration for the vault.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

What is the purpose of the Allowed Safes parameter in a Central Policy Manager (CPM) policy? (Choose all that apply.)

A. To improve performance by reducing CPM workload.
B. To prevent accidental use of a policy in the wrong Safe.
C. To allow users to access only the passwords they should be able to access.
D. To enforce Least Privilege in CyberArk.

C. To allow users to access only the passwords they should be able to access.
D. To enforce Least Privilege in CyberArk.

How well did you know this?

Not at all

Perfectly

What are the operating system prerequisites for installing Central Policy Manager (CPM)?

A. .NET 3.51 Framework Feature
B. Web Services Role
C. Remote Desktop Services Role
D. Windows 2008 R2 or higher

A. .NET 3.51 Framework Feature

How well did you know this?

Not at all

Perfectly

One time passwords reduce the risk of Pass the Hash vulnerabilities in Windows.

A. TRUE
B. FALSE

B. FALSE

How well did you know this?

Not at all

Perfectly

The vault provides a tamper-proof audit trail.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

It is possible to restrict the time of day, or day of week that a verify process can occur

A. TRUE
B. FALSE

B. FALSE

How well did you know this?

Not at all

Perfectly

When managing SSH keys, Central Policy Manager (CPM) automatically pushes the Private Key to all systems that use it.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

It is possible to restrict the time of day, or day of week that a change process can occur.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

Which one of the built-in Vault users is not automatically added to the safe when it is first created in PWA?

A. Master
B. Administrator
C. Auditor
D. Operator

D. Operator

How well did you know this?

Not at all

Perfectly

What conditions must be met in order to log into the vault as the Master user? (Choose all that apply.)

A. Logon must be originated from the console of the Vault Server or an EmergencyStation defined in DBParm.ini
B. User must provide the correct master password.
C. Logon requires the Recovery Private Key to be accessible to the vault.
D. Logon must satisfy a challenge response request.

A. Logon must be originated from the console of the Vault Server or an EmergencyStation defined in DBParm.ini
B. User must provide the correct master password.

How well did you know this?

Not at all

Perfectly

The Vault supports multiple instances of the following components. (Choose all that Apply.)

A. PVWA
B. CPM
C. PSM
D. AIM Provider

A. PVWA
B. CPM
D. AIM Provider

How well did you know this?

Not at all

Perfectly

Multiple Password Vault Web Access (PVWA) servers are always all active.

A. TRUE
B. FALSE

A. TRUE

How well did you know this?

Not at all

Perfectly

In a Security Information and Event Management (SIEM) integration it is recommended to use the Fully Qualified Domain Name (FQDN) when specifying the
SIEM server address(es).

A. TRUE
B. FALSE

B. FALSE

How well did you know this?

Not at all

Perfectly

The vault supports a number of dual factor authentication methods.

A. TRUE
B. FALSE

B. FALSE

How well did you know this?

Not at all

Perfectly

You are successfully managing passwords in the alpha.cyberark.com domain; however, when you attempt to manage a password in the beta.cyberark.com domain, you receive the network path not found error. What should you check first? A. That the username and password are correct. B. That the Central Policy Manager (CPM) can successfully resolve addresses in the beta.cyberark.com domain. C. That the end user has the correct permissions on the safe. D. That an appropriate trust relationship exists between alpha.cyberark.com and beta.cyberark.com

B. That the Central Policy Manager (CPM) can successfully resolve addresses in the beta.cyberark.com domain.

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault. A. True. B. False. Because the user can also enter credentials manually using Secure Connect. C. False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect. D. False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.

C. False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect.

A Vault administrator have associated a logon account to one of your UNIX root accounts in the vault. When attempting to change the root account's password the CPM will: A. Log in to the system as root, then change root's password. B. Log in to the system as the logon account, then change root's password. C. Log in first with the logon account, then run the SU command to log in as root and then change root's password. D. None of these.

B. Log in to the system as the logon account, then change root's password.

A Security Information and Event Management (SIEM) integration allows you to forward ITALOG records to a monitoring solution. A. TRUE B. FALSE

A. TRUE

What is the purpose of the CyberArk Event Notification Engine service? A. sends email messages from the vault. B. sends email messages from the CPM. C. processes audit reports. D. makes vault data available to components.

D. makes vault data available to components.

The DR module allows an integration with Enterprise Backup software. A. TRUE B. FALSE

B. FALSE

What is the purpose of the PrivateArk Server service? A. Executes password changes. B. Makes Vault data accessible to components. C. Maintains vault metadata. D. Sends email alert from the Vault.

C. Maintains vault metadata.

Auto-Detection can be configured to leverage LDAP/S. A. TRUE B. FALSE

B. FALSE

It is impossible to override Mater Policy settings for a Platform A. TRUE B. FALSE

B. FALSE

The following applications are pre-configured to work with PSM, but first need to be installed on the PSM server. A. SQL Plus B. Putty C. RDP D. WinSCP E. Toad F. VMWare vSphere Client G. Microsoft SQL Management Studio

A. SQL Plus

What is the PRIMARY reason for installing more than 1 active Central Policy Manager (CPM)? A. Installing CPMs in multiple sites prevents complex firewall rules to manage devices at remote sites. B. Multiple instances create fault tolerance. C. Multiple instances increase response time. D. Having additional CPMs increases the maximum number of devices CyberArk can manage.

D. Having additional CPMs increases the maximum number of devices CyberArk can manage.

When planning to load balance at least 2 PSM Servers in an in-domain deployment, is it required to move the PSMConnect and PSMAdminConnect users to the domain level? A. Yes, but only the PSMConnect user must be moved to the domain. B. No, this is the customers' decision and will work with local or domain based users. C. Yes, both PSMConnect and PSMAdminConnect users should be moved to the domain. D. No, both accounts must be left as local accounts.

D. No, both accounts must be left as local accounts.

Name two ways of viewing the ITAlog: A. Log into the vault locally and navigate to the Server folder under the PrivateArk install location. B. Log into the PVWA and go to the Reports tab. C. Access the System Safe from the PrivateArk client. D. Go to the Thirdpary log directory on the CPM

A. Log into the vault locally and navigate to the Server folder under the PrivateArk install location. C. Access the System Safe from the PrivateArk client.

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to UnixAdmins? A. Use Accounts B. Retrieve Accounts C. List Accounts D. Authorize Password Requests E. Access Safe without Authorization

A. Use Accounts

A Simple Mail Transfer Protocol (SMTP) integration allows you to forward audit records to a monitoring solution. A. TRUE B. FALSE

B. FALSE

The System safe allows access to the Vault configuration files. A. TRUE B. FALSE

A. TRUE

Which of the Following can be configured in the Master Policy? (Choose all that apply.) A. Dual Control B. One Time Passwords C. Exclusive Passwords D. Password Reconciliation E. Ticketing Integration F. Required Properties G. Custom Connection Components H. Password Aging Rules

A. Dual Control B. One Time Passwords G. Custom Connection Components H. Password Aging Rules

Multiple PSM Servers can be load balanced. A. TRUE B. FALSE

A. TRUE

Which file would you modify to configure your Vault Server to forward Activity Logs to a Security Information and Event Management (SIEM) or SYSLOG server? A. dbparm.ini B. PARagent.ini C. ENEConf.ini D. padr.ini

A. dbparm.ini

In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX systems. What is the BEST way to allow Central Policy Manager (CPM) to manage root accounts? A. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server's root account. B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account. C. Configure the Unix system to allow SSH logins. D. Configure the CPM to allow SSH logins.

B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account.

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection. A. TRUE B. FALSE

A. TRUE

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk. A. TRUE B. FALSE

A. TRUE

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online. A. True, this is the default behavior. B. False, this is not possible. C. True, if the AllowFailback setting is set to yes in the PADR.ini file. D. True, if the AllowFailbackג setting is set to yes in the dbparm.ini file.

C. True, if the AllowFailback setting is set to yes in the PADR.ini file.

PSM requires the Remote Desktop Session Host role service. A. TRUE B. FALSE

B. FALSE

Which is the correct order of installation for PAS components? A. Vault, CPM, PVWA, PSM B. CPM, Vault, PSM, PVWA C. Vault, CPM, PSM, PVWA D. PVWA, Vault, CPM, PSM

A. Vault, CPM, PVWA, PSM

Which utilities could you use to change debugging levels on the Vault without having to restart the Vault? (Choose two.) A. PAR Agent B. PrivateArk Server Central Administration C. Edit DBParm.ini in a text editor. D. Setup.exe

A. PAR Agent C. Edit DBParm.ini in a text editor.

CyberArk Logical Container - A. CPMlog B. CPM_error.log C. pm.log D. pm.errors.log

C. pm.log

What is the maximum number of levels of authorizations you can set up in Dual Control? A. 1 B. 2 C. 3 D. 4

B. 2

Within the Vault each password is encrypted by __________ . A. The Server Key B. The Recovery Public Key C. The Recovery Private Key D. Its own unique key.

D. Its own unique key.

In Accounts Discovery, you can configure a Windows discovery to scan ___________. A. as many OUs as you wish. B. up to three OUs. C. only one OU. D. a number of OUs determined by the OUstoScan setting under the Accounts Feed section in the Administration tab.

C. only one OU.

Which report could show all audit data in the vault? A. Privileged Account Compliance Status Report B. Activity Log C. Privileged Account Inventory Report D. Application Inventory Report

A. Privileged Account Compliance Status Report

A Vault Administrator wants to change the PSM Server ID to comply with a naming standard. What is the process for changing the PSM Server ID? A. First, logon to the PrivateArk Client as Administrator and open the PVWAConfig safe. Retrieve and edit the PVConfiguration.xml file. Search for the PSMServer Name and update the ID of the server you want to rename. Save the file and copy back to the PWAConfig safe. Restart the CyberArk Privileged Session Manager service on the PSM server. B. Login to the PVWA, then change the PSMServer ID in Administration, System Configuration, Options, Privileged Session Management, Configured PSM Servers. Run an IISRESET on all PVWA servers. C. First, login to the PVWA, browse to Administration, System Configuration, Options, Privileged Session Management, Configured PSM Servers and select the PSM Server you need to change from the list of servers. In the properties pane, set the value of the ID property to the new Server ID, click Apply and OK. Next, edit the basic_psm.ini file located on the PSM server in the PSM root directory and update the PSMServerID parameter with the new Server ID, save the file and restart the CyberArk Privileged Session Manager service on the PSM server. D. Options A and B above is the correct procedure.

B. Login to the PVWA, then change the PSMServer ID in Administration, System Configuration, Options, Privileged Session Management, Configured PSM Servers. Run an IISRESET on all PVWA servers.

When managing SSH keys, Central Policy Manager (CPM) automatically pushes the Public Key to the target system. A. TRUE B. FALSE

A. TRUE

Customers who have the Access Safe without confirmation safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account. A. TRUE B. FALSE

A. TRUE

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose all that apply.) A. Store the CD in a physical safe and mount the CD every time vault maintenance is performed. B. Copy the entire contents of the CD to the System Safe on the vault. C. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions. D. Store the server key in a Hardware Security Module (HSM) and copy the reset the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions.

C. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions. D. Store the server key in a Hardware Security Module (HSM) and copy the reset the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions.

The Vault needs to send Simple Network Management Protocol (SNMP) traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution? A. PARAgent.ini B. dbparm.ini C. ENEConf.ini D. my.ini

A. PARAgent.ini

A Security Information and Event Management (SIEM) integration allows you to forward audit records to a monitoring solution. A. TRUE B. FALSE

A. TRUE

It is possible to control the hours of the day during which a safe may be used. A. TRUE B. FALSE

A. TRUE

A Logon Account can be specified in the Master Policy A. TRUE B. FALSE

A. TRUE

Platform settings are applied to _________. A. The entire vault. B. Network Areas C. Safes D. Individual Accounts

C. Safes

Which user is automatically added to all Safes and cannot be removed? A. Administrator B. Master C. Auditor D. Operator

D. Operator

A vault admin received an email notification that a password verification process has failed. From which service was the message sent? A. The PrivateArk Server Service on the Vault. B. The CyberArk Password Manager service on the Components Server. C. The CyberArk Event Notification Engine Service on the Vault. D. The CyberArk Privileged Session Manager service on the Vault.

C. The CyberArk Event Notification Engine Service on the Vault.

PSM captures a record of each command that was executed in Unix. A. TRUE B. FALSE

A. TRUE

Using the SSH Key Manager it is possible to allow Central Policy Manager (CPM) to manage SSH Keys similarly to passwords. A. TRUE B. FALSE

B. FALSE

Which of the following are prerequisites for installing Password Vault Web Access (PVWA)? A. Web Services Role B. .NET 4.5.1 Framework Feature C. Remote Desktop Services Role D. Windows BitLocker

A. Web Services Role

SAFE Authorizations may be granted to ________________. (Choose all that apply.) A. Vault Users B. Vault Groups C. LDAP Users D. LDAP Groups

D. LDAP Groups

Which Built-In group grants access to the ADMINISTRATION page? A. PVWAMonitor B. PVWAUsers C. Auditors D. Vault Admins

B. PVWAUsers

Multiple Password Vault Web Access (PVWA) servers provide automatic load balancing. A. TRUE B. FALSE

B. FALSE

What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy? A. MinValidityPeriod B. Inteval C. ImmediateInterval D. Timeout

A. MinValidityPeriod

In a Simple Network Management Protocol (SNMP) integration it is recommended to use the Fully Qualified Domain Name (FQDN) when specifying the SNMP server address(es). A. TRUE B. FALSE

B. FALSE

For the hardening process to complete successfully, security products like Antivirus should be installed on the Vault Server before running the vault installer. A. TRUE B. FALSE

A. TRUE

Which keys are required to be present in order to start the PrivateArk Server Service? A. Server Key B. Recovery Public Key C. Recovery Private Key D. Safe Key

A. Server Key

The Application Inventory report is related to AIM. A. TRUE B. FALSE

A. TRUE

What is the purpose of the PrivateArk Database service? A. Maintains Vault metadata. B. Communicates with components. C. Sends email alerts from the vault. D. Executes password changes.

C. Sends email alerts from the vault.

PTA can automatically suspend sessions in case of suspicious activities detected in a privileged session, only if the session is made via the CyberArk PSM. A. True B. False, the PTA can suspend sessions whether the session is made via the PSM or not

B. False, the PTA can suspend sessions whether the session is made via the PSM or not

Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? (Choose all that apply.) A. Discovery and Audit (DNA) B. Auto Detection (AD) C. Export Vault Data (EVD) D. On Demand Privileges Manager (OPM) E. Accounts Discovery

C. Export Vault Data (EVD) D. On Demand Privileges Manager (OPM) E. Accounts Discovery

What is the primary purpose of Exclusive Accounts? A. Reduced risk of credential theft B. More frequent password changes C. Non-repudiation (individual accountability) D. To force a collusion to commit fraud ensuring no single actor may use a password without authorization

C. Non-repudiation (individual accountability)

dbparm.ini is the main configuration file for the vault. A. TRUE B. FALSE

A. TRUE

Which of the following is NOT a use case for installing multiple CPMs? A. A single CPM cannot accommodate the total number of accounts managed B. Accounts are managed in multiple sites or VLANs protected by firewall C. Reduce network traffic across WAN links D. Provide load balancing capabilities when managing passwords on target devices

D. Provide load balancing capabilities when managing passwords on target devices

If a transparent user belongs two different directory mappings, how does the system determine which user template to use? A. The system will use the template for the mapping listed first. B. The system will use the template for the mapping listed last. C. The system will grant all of the vault authorizations from the two templates. D. The system will grant only the vault authorizations that are listed in both templates.

A. The system will use the template for the mapping listed first.

When working with the CyberArk Cluster, the Virtual IP is used by: A. The CyberArk components to communicate with the Vault Cluster over the public network. B. The Vault nodes for exchanging keep-alive messages over the public network. C. The CyberArk components to communicate with the Vault Cluster over the private network. D. The Vault nodes for exchanging keep-alive messages over the public network.

A. The CyberArk components to communicate with the Vault Cluster over the public network.

What is the primary purpose of Dual Control? A. Reduced risk of credential theft B. More frequent password changes C. Non-repudiation (individual accountability) D. To force a collusion to commit fraud ensuring no single actor may use a password without authorization

D. To force a collusion to commit fraud ensuring no single actor may use a password without authorization

Which onboarding method would you use to integrate CyberArk with your accounts provisioning process? A. Accounts Discovery B. Auto Detection C. Onboarding RestAPI functions D. PTA Rules

B. Auto Detection

What is the purpose of the password Reconcile process? A. To test that CyberArk is storing accurate credentials for accounts. B. To change the password of an account according to organizationally defined password rules. C. To allow CyberArk to manage unknown or lost credentials. D. To generate a new complex password.

A. To test that CyberArk is storing accurate credentials for accounts.

When managing SSH keys, the Central Policy Manager (CPM) stores the Public Key ________________. A. In the Vault B. On the target server C. In the Vault and on the target server D. Nowhere because the public key can always be generated from the private key

B. On the target server

PSM for SSH (previously known as (PSM-SSH Proxy) supports connections to the following target systems: A. Windows B. UNIX C. Oracle D. All of the above

D. All of the above

If a password is changed manually on a server, bypassing the Central Policy Manager (CPM), how would you configure the account so that the CPM could resume management automatically? A. Configure the Provider to change the password to match the Vault's Password B. Associate a reconcile account and configure the platform to reconcile automatically C. Associate a logon account and configure the platform to reconcile automatically D. Run the correct auto detection process to rediscover the password

B. Associate a reconcile account and configure the platform to reconcile automatically

HA, DR, Replicate are mutually exclusive and cannot be used in the same environment. A. TRUE B. FALSE

B. FALSE

Users complain they are unsuccessful attempting to authenticate to the Password Vault Web Access (PVWA) web site. After entering their credentials, they receive a Timeout has expired. You test the URL using multiple browsers and receive the same error. The CyberArk.WebApplication.log shows the ITACM012S Timeout has expired log entry. What is the next troubleshooting step you should take? A. Run an IISRESET on the PVWA server B. Check the CyberArk.WebConsole.log for errors C. Check network firewall rules to ensure the PVWA can communicate to the Vault over tcp_1858 D. Check the health of the Vault Server and ensure all services are running

C. Check network firewall rules to ensure the PVWA can communicate to the Vault over tcp_1858

When working with the CyberArk Cluster, which service is considered Optional (i.e., failure of the service does not mandate a failover)? A. PrivateArk Server B. PrivateArk Database C. Event Notification Engine D. Logic Container

C. Event Notification Engine

What is the purpose of the password Change process? A. To test that CyberArk is storing accurate credentials for accounts B. To change the password of an account according to organizationally defined password rules C. To allow CyberArk to manage unknown or lost credentials D. To generate a new complex password

B. To change the password of an account according to organizationally defined password rules

Which parameter controls how often the Central Policy Manager (CPM) looks for accounts that need to be changed from recently completed Dual Control requests? A. HeadStartInterval B. Interval C. ImmediateInterval D. The CPM does not change the password under this circumstance

C. ImmediateInterval

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports. A. TRUE B. FALSE

B. FALSE

During ENE integration you should specify the Fully Qualified Domain Name (FQDN) of the Simple Mail Transfer Protocol (SMTP) Gateway server. A. TRUE B. FALSE

B. FALSE

When accessing the Vault via Password Vault Web Access (PVWA), is it possible to configure multiple Dual Authentication Methods? A. Yes, all authentication methods will be configured to use the Vault integrated authentication flow. B. No, dual authentication methods are not supported. C. Yes, authentication methods will be configured to use the combination of IIS and Vault integrated authentication flow. D. Yes, all authentication methods will be configured to use the IIS integrated authentication flow.

C. Yes, authentication methods will be configured to use the combination of IIS and Vault integrated authentication flow.

The Remote Desktop Services role installed on PSM must be properly licensed by Microsoft. A. No, this is not necessary B. Yes, this is necessary and must be scoped and purchased prior to project implementation C. Yes, RDS is included as part of Microsoft Operating System License D. No, RDS licenses are only required when using the RemoteApp feature

B. Yes, this is necessary and must be scoped and purchased prior to project implementation

A Simple Network Management Protocol (SNMP) integration allows you to forward audit records from the vault to the Security Information and Event Management (SIEM). A. TRUE B. FALSE

A. TRUE

What is the primary purpose of One Time Passwords? A. Reduced risk of credential theft B. More frequent password changes C. Non-repudiation (individual accountability) D. To force a collusion to commit fraud ensuring no single actor may use a password without authorization

A. Reduced risk of credential theft

What values are acceptable in the address field on the Accounts Details? A. It must be a Fully Qualified Domain Name (FQDN) B. It must be an IP address C. It must be NetBIOS name D. Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

D. Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

When a group is granted the Authorize Account Requests permission on a safe Dual Control requests must be approved by: A. Any one person from that group B. Every person from that group C. The number of persons specified by the Master Policy D. That access cannot be granted to groups

C. The number of persons specified by the Master Policy

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.) A. Use Accounts B. Retrieve Accounts C. List Accounts D. Authorize Password Requests E. Access Safe without Authorization

A. Use Accounts B. Retrieve Accounts C. List Accounts

Ad-Hoc Access (formerly Secure Connect) provides the following features. (Choose all that apply.) A. PSM connections to target devices that are not managed by CyberArk B. Session Recording C. Real-time live session monitoring D. PSM connections from a terminal without the need to login to the Password Vault Web Access (PVWA)

A. PSM connections to target devices that are not managed by CyberArk B. Session Recording C. Real-time live session monitoring

An auditor initiates a LIVE monitoring session to PSM server to view an ongoing LIVE session. When the auditorג€™s machine makes an RDP connection the PSM server, which user will be used? A. PSMAdminConnect B. Shadowuser C. PSMConnect D. Credentials Stored in the Vault for the Target Machine

A. PSMAdminConnect

The vault does not support Subnet Based Access Control. A. TRUE B. FALSE

B. FALSE

Which IP port and Protocol are used by the CyberArk Secure Proprietary Protocol? A. TCP/1858 B. TCP/636 C. UDP/1812 D. TCP/22

A. TCP/1858

What are the functions of the Remote Control Agent service? (Choose all that apply.) A. Allows remote monitoring of the Vault B. Sends SNMP traps from the Vault C. Maintains audit data D. Allows CyberArk Services to be managed (start/stop/status) remotely

A. Allows remote monitoring of the Vault B. Sends SNMP traps from the Vault D. Allows CyberArk Services to be managed (start/stop/status) remotely

Which report shows the accounts that are accessible to each user? A. Activity Report B. Entitlement Report C. Privileged Accounts Compliance Status Report D. Applications Inventory Report

B. Entitlement Report

The PSM Gateway (also known as the HTML5 Gateway) can be installed A. True B. False, the PSM Gateway must be installed on a separate Windows machine

A. True

Which file is used to configure the ENE service? A. ENE.ini B. ENEConfig.ini C. dbparm.ini D. PARagent.ini

C. dbparm.ini

The Vault needs to send Simple Network Management Protocol (SNMP) traps to your SNMP solution, which file is used to configure the IP address of the SNMP server? A. snmp.ini B. dbparm.ini C. ENEConf.ini D. PARagent.ini

B. dbparm.ini

Which file is used to open up a non-standard Firewall port to the Vault? A. dbparm.ini B. PARagent.ini C. passparm.ini D. Vault.ini

D. Vault.ini

Which credentials does CyberArk use when managing a target account? A. Those of the service account for the CyberArk Password Manager service B. A Domain Administrator account created for this purpose C. The credentials of the target account D. An account assigned by the Master Policy

A. Those of the service account for the CyberArk Password Manager service

Access Control to passwords is implemented by ________________. A. Vault Authorizations B. Safe Authorizations C. Master Policy D. Platform Settings

B. Safe Authorizations

In the vault each password is encrypted with a unique encryption key. A. TRUE B. FALSE

A. TRUE