cyberark security Flashcards
What would be a good use case for the Replicate module?
A. Recovery Time Objectives or Recovery Point Objectives are at or near zero.
B. Integration with an Enterprise Backup Solution is required.
C. Off site replication is required.
D. PSM is used.
C. Off site replication is required.
What is the PRIMARY reason for installing more than 1 active CPM?
A. Installing CPMs in multiple sites prevents complex firewall rules to manage devices at remote sites.
B. Multiple instances create fault tolerance.
C. Multiple instances increase response time.
D. Having additional CPMs increases the maximum number of devices CyberArk can manage.
D. Having additional CPMs increases the maximum number of devices CyberArk can manage.
What is the purpose of the password Reconcile process?
A. To test that CyberArk is storing accurate credentials for accounts.
B. To change the password of an account according to organizationally defined password rules.
C. To allow CyberArk to manage unknown or lost credentials.
D. To generate a new complex password.
B. To change the password of an account according to organizationally defined password rules.
Which file would you modify to configure the vault to send SNMP traps to your monitoring solution?
A. dbparm.ini
B. paragent.ini
C. ENEConf.ini
D. padr.ini
B. paragent.ini
When a DR vault server becomes an active vault, it will automatically fail back to the original state once the primary vault comes back online.
A. True, this is the default behavior.
B. False, this is not possible.
C. True, if the AllowFailback setting is set to yes in the PADR.ini file.
D. True, if the AllowFailbackג setting is set to yes in the dbparm.ini file.
C. True, if the AllowFailback setting is set to yes in the PADR.ini file.
In order to avoid conflicts with the hardening process, third party applications like Antivirus and Backup Agents should be installed on the Vault server before installing the Vault.
A. TRUE
B. FALSE
B. FALSE
If a transparent user matches two different directory mappings, how does the system determine which user template to use?
A. The system will use the template for the mapping listed first.
B. The system will use the template for the mapping listed last.
C. The system will grant all of the vault authorizations from the two templates.
D. The system will grant only the vault authorizations that are listed in both templates.
A. The system will use the template for the mapping listed first.
The primary purpose of the CPM is Password Management.
A. TRUE
B. FALSE
A. TRUE
The vault server uses a modified version of the Microsoft Windows firewall.
A. TRUE
B. FALSE
B. FALSE
In a SIEM integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es).
A. TRUE
B. FALSE
A. TRUE
What would be a good use case for a High Availability vault?
A. Recovery Time Objectives or Recovery Point Objectives are at or near zero.
B. Integration with an Enterprise Backup Solution is required.
C. Off site replication is required.
D. PSM is used.
A. Recovery Time Objectives or Recovery Point Objectives are at or near zero.
What are the operating system prerequisites for installing CPM?
A. .NET 3.51 Framework Feature
B. Web Services Role
C. Remote Desktop Services Role
D. Windows 2008 R2 or higher.
A. .NET 3.51 Framework Feature
A vault admin received an email notification that a password verification process has failed. Which service sent the message?
A. The PrivateArk Server Service on the Vault.
B. The CyberArk Password Manager service on the Components Server.
C. The CyberArk Event Notification Engine Service on the Vault.
D. The CyberArk Privileged Session Manager service on the Vault.
C. The CyberArk Event Notification Engine Service on the Vault.
A stand alone Vault server requires DNS services to operate properly.
A. TRUE
B. FALSE
B. FALSE
The connect button requires PSM to work.
A. TRUE
B. FALSE
B. FALSE
After a PSM session is complete, the PSM server uploads the recording to the Vault for long-term storage.
A. TRUE
B. FALSE
A. TRUE
By default, the vault secure protocol uses which IP port and protocol.
A. TCP/1858
B. TCP/443
C. UDP/1858
D. TCP/80
A. TCP/1858
What is the best practice for storing the Master CD?
A. Copy the files to the Vault server and discard the CD.
B. Copy the contents of the CD to a Hardware Security Module and discard the CD.
C. Store the CD in a secure location, such as a physical safe.
D. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder (secured with NTFS permission) on the vault.
D. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder (secured with NTFS permission) on the vault.
What utility is used to create or update a credential file?
A. CreateCredFile.exe
B. CAVaultManager.exe
C. Central Policy Manager
D. Password Vault Web Access
A. CreateCredFile.exe
You are successfully managing passwords in the alpha.cyberark.com domain; however, when you attempt to manage a password in the beta.cyberark.com domain, you receive the network path not found error. What should you check first?
A. That the username and password are correct.
B. That the CPM can successfully resolve addresses in the beta.cyberark.com domain.
C. That the end user has the correct permissions on the safe.
D. That an appropriate trust relationship exists between alpha.cyberark.com and beta.ceberark.com
B. That the CPM can successfully resolve addresses in the beta.cyberark.com domain.
What is the name of the account used to establish the initial RDP session from the end user client machine to the PSM server?
A. PSMConnect
B. PSMAdminConnect
C. PSM
D. The credentials the end user retrieved from the vault.
A. PSMConnect
To apply a new license file you must:
A. Upload the license.xml file to the System Safe.
B. Upload the license.xml file to the VaultInternal Safe.
C. Upload the license.xml file to the System Safe and restart the PrivateArk Server service.
D. Upload the license.xml file to the VaultInternal Safe and restart the PrivateArk Server service.
A. Upload the license.xml file to the System Safe.
At what point is a transparent user provisioned in the vault?
A. When a directory mapping matching that user id is created.
B. When a vault admin runs LDAP configuration wizard.
C. The first time the user logs in.
D. During the vault’s nightly LDAP refresh.
A. When a directory mapping matching that user id is created.
Which of the following are supported authentication methods for CyberArk? Check all that apply.
A. CyberArk Password (SRP)
B. LDAP
C. SAML
D. PKI
E. RADIUS
F. OracleSSO
G. Biometric
B. LDAP
D. PKI
E. RADIUS
