New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CyberArk > CyberArk CDE Certification > PAM-CDE-RECERT

PAM-CDE-RECERT CyberArk CDE Recertification Question and Answers

Question # 4

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Full Access
Question # 5

Your customer has five main data centers with one PVWA in each center under different URLs. How can you make this setup fault tolerant?

A.

This setup is already fault tolerant

B.

Install more PVWAs in each data center

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered

D.

Load balance all PVWAs under same urL

Full Access
Question # 6

tsparm.ini is the main configuration file for the Vault.

A.

True

B.

False

Full Access
Question # 7

SAFE Authorizations may be granted to____________.

Select all that apply.

A.

Vault Users

B.

Vault Group

C.

LDAP Users

D.

LDAP Groups

Full Access
Question # 8

You are helping a customer prepare a Windows server for PSM installation. What is required for a successful installation?

A.

Window 2012 KB4558843

B.

Remote Desktop services (RDS) Session Host Roles

C.

Windows 2016 KB4558843

D.

Remote Desktop services (RDS) Session Broker

Full Access
Question # 9

As vault Admin you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

A.

Audit Users and Add Network Areas

B.

Audit Users and Manage Directory Mapping

C.

Audit Users and Add/Update Users

D.

Audit Users and Activate Users

Full Access
Question # 10

Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

A.

TRUE

B.

FALSE

Full Access
Question # 11

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Full Access
Question # 12

Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

A.

PSM connections to target devices that are not managed by CyberArk.

B.

Session Recording.

C.

Real-time live session monitoring.

D.

PSM connections from a terminal without the need to login to the PVWA.

Full Access
Question # 13

Within the Vault each password is encrypted by:

A.

the server key

B.

the recovery public key

C.

the recovery private key

D.

its own unique key

Full Access
Question # 14

A logon account can be specified in the platform settings.

A.

True

B.

False

Full Access
Question # 15

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Full Access
Question # 16

CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault.

A.

TRUE

B.

FALSE

Full Access
Question # 17

What is a requirement for setting fault tolerance for PSMs?

A.

Use a load balancer

B.

use a backup solution

C.

CPM must be in all data centers

D.

Install the Vault in an HA Cluster

Full Access
Question # 18

Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.

Full Access
Question # 19

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to [b]change [/b] the root account’s password the CPM will…..

A.

Log in to the system as root, then change root's password

B.

Log in to the system as the logon account, then change roofs password

C.

Log in to the system as the logon account, run the su command to log in as root, and then change root’s password.

D.

None of these

Full Access
Question # 20

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

A.

Domain Admin

B.

LDAP Admin

C.

Read/Write

D.

Read

Full Access
Question # 21

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Full Access
Question # 22

Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

A.

TRUE

B.

FALSE

Full Access
Question # 23

Which user is automatically added to all Safes and cannot be removed?

A.

Auditor

B.

Administrator

C.

Master

D.

Operator

Full Access
Question # 24

Which authentication methods does PSM for SSH support?

A.

CyberArk Password, LDAP, RADIUS, SAML

B.

LDAP, Windows Authentication, SSH Keys

C.

RADIUS, Oracle SSO, CyberArk Password

D.

CyberArk Password, LDAP, RADIUS

Full Access
Question # 25

You receive this error:

“Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.”

Which root cause should you investigate?

A.

The account does not have sufficient permissions to change its own password.

B.

The domain controller is unreachable.

C.

The password has been changed recently and minimum password age is preventing the change.

D.

The CPM service is disabled and will need to be restarted.

Full Access
Question # 26

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

A.

PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM SSH Proxy)

D.

All of the above

Full Access
Question # 27

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Full Access
Question # 28

Select the best practice for storing the Master CD.

A.

Copy the files to the Vault server and discard the CD

B.

Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD

C.

Store the CD in a secure location, such as a physical safe

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault

Full Access
Question # 29

Match the built-in Vault User with the correct definition.

Full Access
Question # 30

You are installing multiple PVWAs behind a load balancer. Which statement is correct?

A.

Port 1858 must be opened between the load balancer and the PVWAs

B.

The load balancer must be configured in DNS round robin.

C.

The load balancer must support "sticky sessions".

D.

The LoadBalancerClientAddressHeader parameter in the PVwA.ini file must be set.

Full Access
Question # 31

The Password upload utility can be used to create safes.

A.

TRUE

B.

FALS

Full Access