New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CyberArk > Defender - Sentry (Combined) > CAU302

CAU302 CyberArk Defender + Sentry Question and Answers

Question # 4

It is possible to restrict the time of day. or day of week that a change process can occur

A.

TRUE

B.

FALSE

Full Access
Question # 5

Which parameter controls how often the Central Policy Manager (CPM) looks for soon-to-be-expired passwords that need to be changed?

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Full Access
Question # 6

Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the target email server during Simple Mail Transfer Protocol (SMTP) integration?

A.

PVWA > Platform Management > Notification Settings

B.

PVWA > Options > Notification Settings

C.

PVWA > Administration > Notification Settings

D.

PVWA > LDAP Integration > Notification Settings

Full Access
Question # 7

The Vault server requires WINS services to work properly.

A.

True

B.

False

Full Access
Question # 8

Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords.

A.

TRUE

B.

FALSE

Full Access
Question # 9

Which of the following components can be used to create a tape backup of the Vault?

A.

Disaster Recovery

B.

Distributed Vaults

C.

Replicate

D.

High Availability

Full Access
Question # 10

It is possible to restrict the time of day. or day of week that a verify process can occur

A.

TRUE

B.

FALSE

Full Access
Question # 11

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to UnixAdmins? Check all that apply

A.

Use Accounts

B.

Retrieve Accounts

C.

List Accounts

D.

Authorize Password Requests

E.

Access Safe without Authorization

Full Access
Question # 12

The Vault needs to send SNMP traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution?

A.

PARAgent.ini

B.

dbparm.ini

C.

ENEConf.ini

D.

my.ini

Full Access
Question # 13

Where do you configure in PVWA the fully-qualified domain name (FQDN) of your target email server during SMTP integration?

A.

PVWA > Platform Management > Notification Settings

B.

PVWA > Options > Notification Settings

C.

PVWA > Administration > Notification Settings

D.

PVWA > LDAP Integartion > Notification Settings

Full Access
Question # 14

An auditor initiates a LIVE monitoring session to PSM server to view an ongoing LIVE session. When the

auditor’s machine makes an RDP connection the PSM server, which user will be used?

A.

PSMAdminConnect

B.

Shadowuser

C.

PSMConnect

D.

Credentials Stored in the Vault for the Target Machine

Full Access
Question # 15

The vault does not support Subnet Based Access Control.

A.

TRUE

B.

FALSE

Full Access
Question # 16

Which file is used to integrate the Vault with the RADIUS server?

A.

radius.ini

B.

PARagent.ini

C.

ENEConf.ini

D.

dbparm.ini

Full Access
Question # 17

Which of the following is NOT a use case for installing multiple CPMS?

A.

A single CPM cannot accommodate the total number of accounts managed

B.

Accounts are managed in multiple sites or VLANs protected by firewall

C.

Reduce network traffic across WAN links

D.

Provide load balancing capabilities when managing passwords on target devices

Full Access
Question # 18

The vault supports Subnet Based Access Control.

A.

TRUE

B.

FALSE

Full Access
Question # 19

Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

A.

Accounts Discovery

B.

Auto Detection

C.

Onboarding RestAPI functions

D.

PTA Rules

Full Access
Question # 20

Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the domain controller during LDAP/S integration?

A.

PVWA > Platform Management > LDAP Integration

B.

PVWA > Administration > LDAP Integration

C.

PVWA > Administration > Options > LDAP Integration

D.

PVWA > LDAP Integration

Full Access
Question # 21

In an SMTP integration it is recommended to use the fully-qualified domain name (FQDN) when specifying the SMTP server addresses).

A.

TRUE

B.

FALSE

Full Access
Question # 22

PSM captures a record of each command that was issues in SQL Plus.

A.

TRUE

B.

FALSE

Full Access
Question # 23

You have associated a logon account to one of your UNIX root accounts in the vault When attempting to verify the root account's password the CPM will...

A.

Ignore the logon account and attempt to log in as root.

B.

Prompt the end user with a dialog box asking for the login account to use.

C.

Log in first with the logon account, then run the su command to log in as root using the password in the vault

D.

None of these.

Full Access
Question # 24

What is the purpose of a password group?

A.

To ensure that a particular collection of accounts all have the same password

B.

To ensure a particular set of accounts all change at the same time

C.

To connect the CPM to a target system

D.

To allow more than one account to work together as part of a password management process

Full Access
Question # 25

Which credentials does CyberArk use when managing a target account?

A.

Those of the service account for the CyberArk Password Manager serviceD18912E1457D5D1DDCBD40AB3BF70D5D

B.

A Domain Administrator account created for this purpose

C.

The credentials of the target account

D.

An account assigned by the Master Policy

Full Access
Question # 26

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

A.

TRUE

B.

FALSE

Full Access
Question # 27

Within the Vault each password is encrypted by

A.

The Server Key

B.

The Recovery Public Key

C.

The Recovery Private key

D.

Its own unique key.

Full Access
Question # 28

What is the purpose of EVD?

A.

To extract vault metadata into an open database platform.

B.

To allow editing of vault metadata.

C.

To create a backup of the MySQL database.

D.

To extract audit data from the vault.

Full Access
Question # 29

The PSM requires the Remote Desktop Web Access role service.

A.

True

B.

False

Full Access
Question # 30

Which type of automatic remediation can be performed by the PTA in case of a Suspecious Password Change security event?

A.

Password Change

B.

Password Reconcilation

C.

Session Suspension

D.

Session Terminiation

Full Access
Question # 31

What is the purpose of the PrivateArk Server service?

A.

Executes password changes.

B.

Makes vault data accessible to components.

C.

Maintains vault metadata.

D.

Sends email alert from the Vault

Full Access
Question # 32

Which of the following is considered a prerequiste for installing PSM?

A.

IIS Web Services Role

B.

HTML5 Gateway

C.

Provider

D.

Remote Desktop Services

Full Access
Question # 33

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

A.

TRUE

B.

FALSE

Full Access
Question # 34

What is the purpose of the CyberArk Event Notification Engine service.

A.

It sends email messages from the CPM

B.

It sends email messages from the Vault.

C.

It processes audit report messages

D.

It makes vault data available to components.

Full Access
Question # 35

Which keys are required to be present in order to start the PrivateArk Server Service? Select all that apply.

A.

Server Key

B.

Recovery Public Key

C.

Recovery Private Key

D.

Safe Key

Full Access