Halloween Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CyberArk > CyberArk Secrets Manager > SECRET-SEN

SECRET-SEN CyberArk Sentry Secrets Manager Question and Answers

Question # 4

During the configuration of Conjur, what is a possible deployment scenario?

A.

The Leader and Followers are deployed outside of a Kubernetes environment; Slandbys can run inside a Kubernetes environment.

B.

The Conjur Leader cluster is deployed outside of a Kubernetes environment; Followers can run inside or outside the environment.

C.

The Leader cluster is deployed outside a Kubernetes environment; Followers and Standbys can run inside or outside the environment.

D.

The Conjur Leader cluster and Followers are deployed inside a Kubernetes environment.

Full Access
Question # 5

You are setting up the Secrets Provider for Kubernetes to support rotation with Push-to-File mode.

Which deployment option should be used?

A.

Init container

B.

Application container

C.

Sidecar

D.

Service Broker

Full Access
Question # 6

You want to allow retrieval of a secret with the CCP. The safe and the required secrets already exist.

Assuming the CCP is installed, arrange the steps in the correct sequence.

Full Access
Question # 7

When loading policy, you receive a 422 Response from Conjur with a message.

What could cause this issue?

A.

malformed Policy file

B.

incorrect Leader URL

C.

misconfigured Load Balancer health check

D.

incorrect Vault Conjur Synchronizer URL

Full Access
Question # 8

In a 3-node auto-failover cluster, the Leader has been brought down for patching that lasts longer than the configured TTL. A Standby has been promoted.

Which steps are required to repair the cluster when the old Leader is brought back online?

A.

On the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list.

Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.

B.

Generate a Standby seed for the newly promoted Leader.

Stop and remove the container on the new Leader, then rebuild it as a new Standby.

Re-enroll the Standby to the cluster and re-base replication of the 3rd Standby back to the old Leader.

C.

Generate standby seeds for the newly-promoted Leader and the 3rd Standby

Stop and remove the containers and then rebuild them as new Standbys.

On both new Standbys, re-enroll the node to the cluster.

D.

On the new Leader, generate a Standby seed for the old Leader node and re-upload the auto-failover policy in “replace” mode.

Rebuild the old Leader as a new Standby, then re-enroll the node to the cluster.

Full Access
Question # 9

A customer requires high availability in its AWS cloud infrastructure.

What is the minimally viable Conjur deployment architecture to achieve this?

A.

one Follower in each AZ. load balancer for the region

B.

two Followers in each region, load balanced for the region

C.

two Followers in each AZ. load balanced for the region

D.

two Followers in each region, load balanced across all regions

Full Access
Question # 10

Arrange the manual failover configuration steps in the correct sequence.

Full Access
Question # 11

How many Windows and Linux servers are required for a minimal Conjur deployment that integrates with an existing CyberArk PAM Vault environment, supports high availability, and is redundant across two geographically disparate regions?

A.

5 Linux servers, 2 Windows servers

B.

9 Linux servers, 2 Windows servers

C.

3 Linux servers, 1 Windows server

D.

10 Linux servers, 2 Windows server

Full Access
Question # 12

You are enabling synchronous replication on Conjur cluster.

What should you do?

A.

Execute this command on the Leader:

docker exec sh –c”

evoke replication sync that

*

B.

Execute this command on each Standby:

docker exec sh –c”

evoke replication sync that

*

C.

In Conjur web UI, click the Tools icon in the top right corner of the main window.

Choose Conjur Cluster and click “Enable synchronous replication” in the entry for Leader.

D.

In Conjur web UI, click the Tools icon in the top right corner of the main window.

Choose Conjur Cluster and click “Enable synchronous replication” in the entry for Standbys.

Full Access
Question # 13

When installing the Vault Conjur Synchronizer, you see this error:

Forbidden

Logon Token is Empty – Cannot logon

Unauthorized

What must you ensure to remediate the issue?

A.

This admin user must not be logged in to other sessions during the Vault Conjur Synchronizer installation process.

B.

You specified the correct url for Conjur and it is listed as a SAN on that url’s certificate.

C.

You correctly URI encoded the url in the installation script.

D.

You ran powershell as Administrator and there is sufficient space on the server on which you are running the installation.

Full Access
Question # 14

You are upgrading an HA Conjur cluster consisting of 1x Leader, 2x Standbys & 1x Follower. You stopped replication on the Standbys and Followers and took a backup of the Leader.

Arrange the steps to accomplish this in the correct sequence.

Full Access
Question # 15

A customer wants to minimize the Kubernetes application code developers must change to adopt Conjur for secrets access.

Which solutions can meet this requirement? (Choose two.)

A.

CPM Push-to-File

B.

Secrets Provider

C.

authn-Azure

D.

Secretless

E.

Application Server Credential Provider

Full Access
Question # 16

When attempting to retrieve a credential managed by the Synchronizer, you receive this error:

What is the cause of the issue?

A.

The Conjur Leader has lost upstream connectivity to the Vault Conjur Synchronizer.

B.

The host does not have access to the credential.

C.

The path to the credential was not properly encoded.

D.

The Vault Conjur Synchronizer has crashed and needs to be restarted.

Full Access
Question # 17

What is a possible Conjur node role change?

A.

A Standby may be promoted to a Leader.

B.

A Follower may be promoted to a Leader.

C.

A Standby may be promoted to a Follower.

D.

A Leader may be demoted to a Standby in the event of a failover.

Full Access
Question # 18

You are setting up a Kubernetes integration with Conjur. With performance as the key deciding factor, namespace and service account will be used as identity characteristics.

Which authentication method should you choose?

A.

JWT-based authentication

B.

Certificate-based authentication

C.

API key authentication

D.

Connect (OIDC) authentication

Full Access