New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CyberArk > Defender > ACCESS-DEF

ACCESS-DEF CyberArk Defender Access (ACC-DEF) Question and Answers

Question # 4

Your organization wants to limit access to the CyberArk Identity user portal to only corporate issued domain-joined laptops without the use of a VPN.

How can you achieve this?

A.

Use the Windows Device Trust agent with certificate-based authentication.

B.

Use the Windows Cloud Agent and CyberArk Identity Connector with Integrated Windows Authentication

C.

Define a range of internal corporate IP addresses and use them to restrict access.

D.

'Use the CyberArk Conjur integration.

Full Access
Question # 5

Where can you download the CyberArk Identity mobile app? (Choose two.)

A.

Download section of the Admin Portal

B.

Support portal

C.

Apple Agp Store

D.

email attachment

E.

Google Play Store

Full Access
Question # 6

What is the most likely reason a CyberArk Identity admin would turn on the "Provisioning" feature within a Web App connector?

A.

to ensure users are automatically on-boarded and off-boarded in a third-party application

B.

to ensure users are provisioned with the appropriate devices when they start

C.

to ensure the web app appears in the users' CyberArk Identity portal when they first sign in

D.

to create an audit log of everytime users sign into the web app

Full Access
Question # 7

Refer to the exhibit.

Which statements are correct regarding this Authentication Policy? (Choose two.)

A.

Users will still be asked for their MFA even if they mistyped their username.

B.

If users have set up CyberArk Mobile Authenticator as an MFA, they will still receive the Push Notification to confirm the request even if they mistyped their password.

C.

Users will not be notified which challenge they failed if their login attempt failed.

D.

If users have set up a Security Question as an MFA, the Security Question will not be displayed to the user to answer even if they mistyped their password.

E.

If the first factor is password and the user is an Active Directory user and the Active Directory is unavailable, this setting does not matter because the user will not be able to authenticate through Active Directory credentials and will see the message "Active Directory not available".

Full Access
Question # 8

Your Chief Executive Officer lost his phone and cannot perform MFA to log in to work.

How can you enable him to bypass MFA right away and not delay his work?

A.

Add a security question to his account on his behalf.

B.

Ask him to configure on-device authenticator.

C.

Ask him to change his phone PIN.

D.

Select theMFA Unlock action for him through the Admin Portal.

Full Access
Question # 9

When configuring an application to use the App Gateway, you do not have to change any configurations in the application directly. You enable the application for App Gateway access in the Admin Portal and input the existing URL that users enter to open the application. You can either use an external URL that CyberArk Identity automatically generates, or you can continue using an existing internal URL.

What is a disadvantage of using an existing internal URL for App Gateway connections?

A.

Existing links and bookmarks do not work outside of the corporate network.

B.

Users must use different URLs depending on whether they access the application internally or externally.

C.

More configuration is needed because you must upload the URL certificate and private key, and edit DNS settings.

D.

Users must use the same URLs regardless of whether they access the application internally or externally and this may confuse them.

Full Access
Question # 10

Which CyberArk Identity supported web standard is commonly used for enterprise Single Sign-On and issues XML tokens for authentication?

A.

SAML2.0

B.

QAuth

C.

RADIUS

D.

LDAP

Full Access
Question # 11

Refer to the exhibit.

How should you configure this default authentication policy to ensure users must authenticate every time they try to access the CyberArk Identity portal or web applications?

A.

Check and enable QR Code under the "Single Authentication Mechanism" section.

B.

Check and enable Security Questions and set the number to "1".

C.

Check and Select "Challenge Pass-Through Duration" to be "No Pass Through".

D.

Check and Select QR Code under Challenge 1.

Full Access
Question # 12

Which dashboard can display the applications launched by users, the application type, and the number of times they were launched?

A.

Admin Portal: Applications Dashboard

B.

User Portal: Activity

C.

Admin Portal: Overview Dashboard

D.

User Behavioral Analytics Portal: Insights Application User Login Summary Dashboard

Full Access
Question # 13

Which 2FA/MFA options can fulfill the "Something you are" requirement? (Choose two.)

A.

email

B.

CyberArk Identity mobile app

C.

F1D02

D.

phone call

E.

security questions

Full Access
Question # 14

An organization previously allowed users to add their personal apps on the Identity User Portal. This will soon be disabled due to policy changes.

What is the impact to the users for personal apps previously added to the User Portal?

A.

They will continue to function normally; however, users cannot add new apps.

B.

They will continue to display on the Apps screen and user devices; however, they will be greyed out and unavailable for any form of interaction.

C.

They will be deleted from the Apps screen and user devices.

D.

They will continue to display on the Apps screen and user devices; however, an error message will display when users try to open the application.

Full Access
Question # 15

Refer to the exhibit.

Within the "Allow user notifications on multiple devices", if you leave the setting as Default (--), what happens if a user triggers a MFA Push notification and has enrolled three different devices?

A.

The push notification will be sent to none of the enrolled devices.

B.

The push notification will be sent to the first enrolled device only.

C.

The push notification will be sent to all enrolled devices.

D.

The push notification will be sent to the last enrolled device only.

Full Access
Question # 16

Which protocols can CyberArk provide MFA for VPN? (Choose two.)

A.

SAML

B.

RADIUS

C.

IMAP

D.

TACACS

E.

LDAP

Full Access
Question # 17

Which administrative right is required to manually start a provisioning synchronization job?

A.

Application Management

B.

User Management

C.

System Enrollment

D.

Register and Administer connectors

Full Access
Question # 18

A user's account information required for multi-factor authentication is not set up properly and is preventing the user from logging in.

What should you do?

A.

Use the MFA Unlock command in the Admin Portal to suspend multifactor authentication for 10 minutes.

B.

Delete the user's account and create a new one.

C.

Ask the user to delete all browser cookies, then try again.

D.

Change the user's director/ source from Active Directory to LDAP for authentication.

Full Access
Question # 19

For each statement listed, indicate if it may be a potential cause of this problem.

Full Access