Question # 4
Which certificate type do you need to configure the vault for LDAP over SSL?
Question # 7
In the Private Ark client under the Tools menu > Administrative Tools > Users and Groups, which option do you use to update users’ Vault group memberships?
Question # 8
In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.
Question # 9
Which of the following PTA detections are included in the Core PAS offering?
Question # 10
When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.
Question # 11
Which accounts can be selected for use in the Windows discovery process? (Choose two.)
Question # 12
Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?
Question # 13
Your organization requires all passwords be rotated every 90Â days.
Where can you set this regulatory requirement?
Question # 16
A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?
Question # 18
When running a “Privileged Accounts Inventory†Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?
Question # 19
As long as you are a member of the Vault Admins group you can grant any permission on any safe.
Question # 20
A new HTML5 Gateway has been deployed in your organization.
From the PVWA, arrange the steps to configure a PSM host to use the HTML5 Gateway in the correct sequence.
Question # 21
You are onboarding an account that is not supported out of the box.
What should you do first to obtain a platform to import?
Question # 23
You receive this error:
“Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.â€
Which root cause should you investigate?
Question # 24
You need to enable the PSM for all platforms.
Where do you perform this task?
Question # 25
Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.
Question # 26
In the Private Ark client, how do you add an LDAP group to a CyberArk group?
Question # 27
Before failing back to the production infrastructure after a DR exercise, what must you do to maintain audit history during the DR event?
Question # 28
A user is receiving the error message “ITATS006E Station is suspended for User jsmith†when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?
Question # 29
When the CPM connects to a database, which interface is most commonly used?
Question # 30
You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events.
Where must you update the group to allow this?
Question # 32
Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.
Question # 35
CyberArk recommends implementing object level access control on all Safes.
Question # 37
You notice an authentication failure entry for the DR user in the ITALog.
What is the correct process to fix this error? (Choose two.)
Question # 39
A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.
What is the issue?
Question # 40
According to CyberArk, which issues most commonly cause installed components to display as disconnected in the System Health Dashboard? (Choose two.)
Question # 41
A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.
What is the correct location to identify users or groups who can approve?
Question # 42
You have been given the requirement that certain accounts cannot have their passwords updated during business hours.
How can you set up a configuration to meet this requirement?
Question # 43
You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?
Question # 44
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.
Question # 46
An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?
Question # 49
You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?
Question # 51
What is the maximum number of levels of authorization you can set up in Dual Control?
Question # 53
Where can reconcile and/or logon accounts be linked to an account? (Choose two.)
Question # 54
What are the mandatory fields when onboarding from Pending Accounts? (Choose two.)
Question # 55
As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.
Question # 57
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.
Which safe permission do you need to grant Operations Staff? Check all that apply.
Question # 58
Which change could CyberArk make to the REST API that could cause existing scripts to fail?
Question # 59
Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.
Question # 60
A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.
Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?
Question # 61
You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.
Which security configuration should you recommend?
Question # 62
Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.
Question # 63
PSM for Windows (previously known as “RDP Proxyâ€) supports connections to the following target systems
Question # 64
One can create exceptions to the Master Policy based on ____________________.
Question # 65
When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.
Question # 66
Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?
Question # 67
In a rule using “Privileged Session Analysis and Response†in PTA, which session options are available to configure as responses to activities?
Question # 68
Which report could show all accounts that are past their expiration dates?
Question # 69
For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.
