PAM-CDE-RECERT CyberArk CDE Recertification Question and Answers

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

Your customer has five main data centers with one PVWA in each center under different URLs. How can you make this setup fault tolerant?

tsparm.ini is the main configuration file for the Vault.

SAFE Authorizations may be granted to____________.

Select all that apply.

You are helping a customer prepare a Windows server for PSM installation. What is required for a successful installation?

As vault Admin you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

Within the Vault each password is encrypted by:

A logon account can be specified in the platform settings.

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault.

What is a requirement for setting fault tolerance for PSMs?

Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to [b]change [/b] the root account’s password the CPM will…..

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Which user is automatically added to all Safes and cannot be removed?

Which authentication methods does PSM for SSH support?

You receive this error:

“Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.”

Which root cause should you investigate?

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Select the best practice for storing the Master CD.

Match the built-in Vault User with the correct definition.

You are installing multiple PVWAs behind a load balancer. Which statement is correct?

The Password upload utility can be used to create safes.