New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CyberArk > Sentry > PAM-SEN

PAM-SEN CyberArk Sentry PAM Question and Answers

Question # 4

HTML5 Gateway can be installed on which supported UNIX OS versions? (Choose two.)

A.

Red Hat Enterprise Linux 7.x

B.

CentOS 7.x

C.

Ubuntu 20.x

D.

AK 7.x

E.

Android 11.x

Full Access
Question # 5

Which statement is correct about a post-install hardening?

A.

The Vault must be hardened during the Vault installation process. Most Voted

B.

After the Vault server is installed, you must join the server to the Enterprise Domain and reboot the host.

C.

It is executed after Vault installation by running CAVaultHarden.exe and hardening options can be edited by changing the Hardening.ini file. Most Voted

D.

If it is mandated by an organization’s IT governance, you do not have to execute Vault hardening; however, server hardening cannot be reversed.

Full Access
Question # 6

Which statements are correct about the PSM HTML5 gateway? (Choose two.)

A.

Smart card redirection is supported

B.

It does not support connections to target system where NLA is enabled on the PSM server

C.

SSH sessions cannot be established

D.

Printer redirection cannot be enabled

E.

It does not support session recording capabilities for applications that run outside a web browser

Full Access
Question # 7

Which CyberArk component changes passwords on Target Devices?

A.

Vault

B.

CPM

C.

PVWA

D.

PSM

E.

PrivateArk

F.

OPM

G.

AIM

Full Access
Question # 8

Which file must you edit to ensure the PSM for SSH server is not hardened automatically after installation?

A.

vault.ini

B.

user.cred

C.

psmpparms

D.

psmgw.config

Full Access
Question # 9

The Remote Desktop Services role must be property licensed by Microsoft.

A.

TRUE

B.

FALSE

Full Access
Question # 10

What is a valid combination of primary and secondary layers of authentication to a company's two-factor authentication policy?

A.

RSA SecurID Authentication (in PVWA) and LDAP Authentication

B.

CyberArk Authentication and RADIUS Authentication

C.

Oracle SSO (in PVWA) and SAML Authentication

D.

LDAP Authentication and RADIUS Authentication

Full Access
Question # 11

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

A.

Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent. Most Voted

C.

In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.

Full Access
Question # 12

A customer has five PVWA servers. Three are located at the primary data center and the remaining two are at a satellite data center.

What is important to consider about the load balancer? (Choose two.)

A.

It must not alter page content, or should include a mechanism to prevent pages from being altered. Most Voted

B.

It must support “sticky sessions”. Most Voted

C.

It must be able to digitally sign and issue certificates for PVWA servers.

D.

It must be able to connect to all Vault and PVWA servers through Port TCP 443.

E.

It must be configured with high-availability (HA) enabled.

Full Access
Question # 13

Which of the following are supported authentication methods for CyberArk? Check all that apply

A.

CyberArk Password (SRP)

B.

LDAP

C.

SAML

D.

PKI

E.

RADIUS

F.

OracleSSO

G.

Biometric

Full Access
Question # 14

When integrating a Vault with HSM, which file is uploaded to the HSM device?

A.

server.key

B.

recpub.key

C.

recprv.key

D.

mdbase.dat

Full Access
Question # 15

Which parameter must be identical for both the Identity Provider (IdP) and the PVWA?

A.

IdP “EntityID” and “PartnerIdentityProvider Name” in PVWA saml.config file

B.

IdP “User name” and “SingleSignOnServiceUrl” in PVWA saml.config file

C.

IdP “Audience” and “ServiceProviderName” in the PVWA saml.config file

D.

IdP “Secure hash algorithm” and “Certificate” in the PVWA saml.config file

Full Access
Question # 16

A stand alone Vault server requires DNS services to operate properly.

A.

TRUE

B.

FALSE

Full Access
Question # 17

When performing “In Domain” hardening of a PSM server, which steps must be performed? (Choose two.)

A.

Import CyberArk policy settings from the provided file into a new GPO. Most Voted

B.

Apply advanced audit on the PSM server.

C.

Link GPO to a dedicated OU containing CyberArk PSM servers. Most Voted

D.

Import an INF file to the local machine.

E.

Configure AppLocker rules to block running unknown executables.

Full Access
Question # 18

You are installing the HTML5 gateway on a Linux host using the RPM provided.

After installing the Tomcat webapp, what is the next step in the installation process?

A.

Deploy the HTML5 service (guacd). Most Voted

B.

Secure the connection between the guacd and the webapp.

C.

Secure the webapp and JWT validation endpoint.

D.

Configure ASLR.

Full Access
Question # 19

Which component should be installed on the Vault if Distributed Vaults are used with PSM?

A.

RabbitMQ

B.

Disaster Recovery

C.

Remote Control Client

D.

Distributed Vault Server

Full Access
Question # 20

CyberArk User Neil is trying to connect to the Target Linux server 192.168.1.164 using a domain account ACME/linuxuser01 on domain acme.corp using PSM for SSH server 192.168.65.145.

What is the correct syntax?

A.

ssh neil@linuxuser01:acme.corp@192.168.1.164@192.168.65.145

B.

ssh neil@linuxuser01#acme.corp@192.168.1.164@192.168.65.145 Most Voted

C.

ssh neil@linuxuser01@192.168.1.164@192.168.65.145

D.

ssh neil@linuxuser01@acme.corp@192.168.1.164@192.168.65.145

Full Access
Question # 21

In a SIEM integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es)

A.

TRUE

B.

FALSE

Full Access
Question # 22

What authentication methods can be implemented to enforce Two-Factor Authentication (2FA) for users authenticating to CyberArk using both the PVWA (through the browser) and the PrivateArk Client?

A.

LDAP and RADIUS Most Voted

B.

CyberArk and RADIUS

C.

SAML and Cyber Ark

D.

SAML and RADIUS

Full Access
Question # 23

When a DR vault server becomes an active vault, it will automatically fail back to the original state once the primary vault comes back online.

A.

True, this is the default behavior

B.

False, this is not possible

C.

True, if the 'AllowFailback' setting is set to yes in the PADR.ini file.

D.

True if the 'AllowFailback' setting is set to yes in the dbparm mi file

Full Access
Question # 24

A customer asked you to help scope the company's PSM deployment.

What should be included in the scoping conversation?

A.

Recordings file path

B.

Recordings codec

C.

Recordings retention period

D.

Recordings file type

Full Access
Question # 25

As a member of a PAM Level-2 support team, you are troubleshooting an issue related to load balancing four PVWA servers at two data centers. You received a note from your Level-1 support team stating “When testing PVWA website from a workstation, we noticed that the “Source IP of last sign-in” was shown as the VIP (Virtual IP address) assigned to the four PVWA servers instead of the workstation IP where the PVWA site was launched from.”

Which step should you take?

A.

Verify the “LoadBalancerClientAddressHeader” parameter setting in PVWA configuration file Web.config is set to “X-Forwarded-For”.

B.

Add the VIP (Virtual IP address) assigned to the four PVWA servers to the certificates issued for all four PVWA servers, if missing.

C.

Add a firewall rule to allow the testing workstation to connect to the VIP (Virtual IP address) assigned to the four PVWA servers on Port TCP 443.

D.

Edit the dbparm.ini file on the Vault server and add the IP or subnet of the workstation to the whitelist.

Full Access
Question # 26

You want to change the name of the PVWAappuser of the second PVWA server.

Which steps are part of the process? (Choose two.)

A.

Update PVWA.ini with new user name

B.

Update Vault.ini with new user name

C.

Create new user in PrivateArk

D.

Rename user in PrivateArk

E.

Create new cred file for user

Full Access
Question # 27

-

The installCyberArkSSHD parameter on the PSM for SSH can be set to multiple values.

Match each value to the correct condition.

Full Access
Question # 28

Which statement is correct about CPM behavior in a distributed Vault environment?

A.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until another Vault is promoted as the new primary Vault.

B.

CPMs should access only the satellite Vaults.

C.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until the original primary Vault is operational again.

D.

CPM should access all Vaults - primary and the satellite.

Full Access
Question # 29

You are installing multiple PVWAs behind a load balancer.

Which statement is correct?

A.

Port 1858 must be opened between the load balancer and the PVWAs.

B.

The load balancer must be configured in DNS round robin.

C.

The load balancer must support "sticky sessions".

D.

The LoadBalancerClientAddressHeader parameter in the PVWA.ini file must be set.

Full Access
Question # 30

The PrivateArk clients allows a user to view the contents of the vault like a filesystem.

A.

TRUE

B.

FALSE

Full Access
Question # 31

The account used to install a PVWA must have ownership of which safes? (Choose two.)

A.

VaultInternal

B.

PVWAConfig

C.

System

D.

Notification Engine

E.

PVWAReports

Full Access
Question # 32

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

A.

retention period

B.

number of PSMs

C.

number of users

D.

number of targets

Full Access
Question # 33

Which pre-requisite step must be completed before installing a Vault?

A.

Join the server to a domain.

B.

Install a clean operating system.

C.

Install antivirus software.

D.

Copy the master CD to a folder on the Vault server.

Full Access
Question # 34

What are the operating system prerequisites for installing CPM? Select all that apply.

A.

NET 3.51 Framework Feature

B.

Web Services Role

C.

Remote Desktop Services Role

D.

Windows 2008 R2 or higher.

Full Access
Question # 35

You need to add a new PSM server to an existing CyberArk environment.

What is the best way to determine the sizing of this server?

A.

Review the “Recommended Server Specifications” for PSMs in the CyberArk Documents website. Most Voted

B.

Use the specifications of any existing PSM and request a server of the same size.

C.

Use the CyberArk Support Knowledgebase, search for “PSM Sizing” and locate the Knowledgebase article related to sizing.

D.

Refer to the Microsoft Windows website, determine the minimum specifications required for the Operating System you are installing, and then add 4 Gb of RAM and 20 GB of disk.

Full Access
Question # 36

Which utility should be used to register the Vault in Amazon Web Services?

A.

CAVaultManager Most Voted

B.

StorageManager

C.

CloudVaultManager

D.

CACert

Full Access
Question # 37

If a customer has one data center and requires fault tolerance, how many PVWAs should be deployed?

A.

two or more

B.

one PVWA cluster

C.

one

D.

two PVWA clusters

Full Access
Question # 38

In order to avoid conflicts with the hardening process, third party applications like Antivirus and Backup Agents should be installed on the Vault server before installing the Vault.

A.

TRUE

B.

FALSE

Full Access
Question # 39

You are designing the number of PVWAs a customer must deploy. The customer has three data centers with a distributed Vault in each, requires high availability, and wants to use all Vaults at all times.

How many PVWAs does the customer need?

A.

six or more

B.

four

C.

two or less

D.

three

Full Access
Question # 40

What is a prerequisite step before installing the Vault on Windows 2019?

A.

Configure the Kerberos authentication method on the default IIS Application pool

B.

Check that the server IP address is correctly configured and that it is static

C.

In the Network Connection properties, configure Preferred DNS Servers

D.

Install Microsoft Windows patch KB4014998

Full Access