New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

PAM-CDE-RECERT CyberArk CDE Recertification Questions and Answers

Questions 4

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Options:

A.

Use Accounts, Retrieve Accounts, List Accounts

B.

Use Accounts, List Accounts

C.

Use Accounts

D.

List Accounts, Retrieve Accounts

Buy Now
Questions 5

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

Options:

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Buy Now
Questions 6

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

Options:

A.

Platform

B.

Connection Component

C.

CPM

D.

Vault

Buy Now
Questions 7

Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 8

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Buy Now
Questions 9

Match the built-in Vault User with the correct definition.

PAM-CDE-RECERT Question 9

Options:

Buy Now
Questions 10

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Options:

A.

Suspected credential theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged privileged access

Buy Now
Questions 11

Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

PAM-CDE-RECERT Question 11

Options:

Buy Now
Questions 12

When managing SSH keys, the CPM stores the Public Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the public key can always be generated from the private key.

Buy Now
Questions 13

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Options:

A.

True.

B.

False. Because the user can also enter credentials manually using Secure Connect.

C.

False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSM Connect.

D.

False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.

Buy Now
Questions 14

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Buy Now
Questions 15

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

Options:

A.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.

Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.

Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

Buy Now
Questions 16

When on-boarding account using Accounts Feed, Which of the following is true?

Options:

A.

You must specify an existing Safe where are account will be stored when it is on boarded to the Vault

B.

You can specify the name of a new sale that will be created where the account will be stored when it is on-boarded to the Vault.

C.

You can specify the name of a new Platform that will be created and associated with the account

D.

Any account that is on boarded can be automatically reconciled regardless of the platform it is associated with.

Buy Now
Questions 17

As vault Admin you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

Options:

A.

Audit Users and Add Network Areas

B.

Audit Users and Manage Directory Mapping

C.

Audit Users and Add/Update Users

D.

Audit Users and Activate Users

Buy Now
Questions 18

Which one the following reports is NOT generated by using the PVWA?

Options:

A.

Accounts Inventory

B.

Application Inventory

C.

Sales List

D.

Convince Status

Buy Now
Questions 19

One can create exceptions to the Master Policy based on ____________________.

Options:

A.

Safes

B.

Platforms

C.

Policies

D.

Accounts

Buy Now
Questions 20

If a customer has one data center and requires high availability, how many PVWA's should be deployed.

Options:

A.

Two

B.

One PVWA cluster

C.

One

D.

Two PVWA Cluster

Buy Now
Questions 21

What is mandatory for a PVWA installation?

Options:

A.

A DNS entry for PVWA url must be created.

B.

A company signed TLS certificate must be imported into the server

C.

A vault Administrator user must be used to register the PVWA

D.

Data Execution Prevention must be disabled.

Buy Now
Questions 22

Which user(s) can access all passwords in the Vault?

Options:

A.

Administrator

B.

Any member of Vault administrators

C.

Any member of auditors

D.

Master

Buy Now
Questions 23

Which item is an option for PSM recording customization?

Options:

A.

Windows events text recorder with automatic play-back

B.

Windows events text recorder and universal keystrokes recording simultaneously

C.

Universal keystrokes text recorder with windows events text recorder disabled

D.

Custom audio recording for windows events

Buy Now
Questions 24

You are installing HTML5 gateway on a Linux host using the RPM provided. After installing the Tomcat webapp, what is the next step in the installation process?

Options:

A.

Deploy the HTML5 service (guacd)

B.

Secure the connection between the guacd and the webapp

C.

Secure the webapp and JWT validation endpoint

D.

Configure ASLR

Buy Now
Questions 25

Which of the Following can be configured in the Master Poky? Choose all that apply.

Options:

A.

Dual Control

B.

One Time Passwords

C.

Exclusive Passwords

D.

Password Reconciliation

E.

Ticketing Integration

F.

Required Properties

G.

Custom Connection Components

Buy Now
Questions 26

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

Options:

A.

PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM SSH Proxy)

D.

All of the above

Buy Now
Questions 27

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Activity Log

D.

Privileged Accounts CPM Status

Buy Now
Questions 28

Which of the following PTA detections are included in the Core PAS offering?

Options:

A.

Suspected Credential Theft

B.

Over-Pass-The Hash

C.

Golden Ticket

D.

Unmanaged Privileged Access

Buy Now
Questions 29

Which components support fault tolerance.

Options:

A.

CPM and PVWA

B.

PVWA and PSM

C.

PSM and PTA

D.

CPM and PTA

Buy Now
Questions 30

Which option in the Private Ark client is used to update users’ Vault group memberships?

Options:

A.

Update > General tab

B.

Update > Authorizations tab

C.

Update > Member Of tab

D.

Update > Group tab

Buy Now
Questions 31

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Options:

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Buy Now
Questions 32

Due to network activity, ACME Corp’s PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.

Which steps should you perform to restore DR replication to normal?

Options:

A.

Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

B.

Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

C.

Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

D.

Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

Buy Now
Questions 33

Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

Options:

A.

PAR Agent

B.

PrivateArk Server Central Administration

C.

Edit DBParm.ini in a text editor.

D.

Setup.exe

Buy Now
Questions 34

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Options:

A.

Auditors

B.

Vault Admin

C.

DR Users

D.

Operators

Buy Now
Questions 35

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How should this be configured to allow for password management using least privilege?

Options:

A.

Configure each CPM to use the correct logon account.

B.

Configure each CPM to use the correct reconcile account.

C.

Configure the UNIX platform to use the correct logon account.

D.

Configure the UNIX platform to use the correct reconcile account.

Buy Now
Questions 36

Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Options:

A.

Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.

B.

Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

C.

Yes, if a logon account is associated with the root account.

D.

No, it is not possible.

Buy Now
Questions 37

The password upload utility must run from the CPM server

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 38

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Options:

A.

PrivateArk Database

B.

PrivateArk Server

C.

CyberArk Vault Disaster Recovery (DR) service

D.

CyberArk Logical Container

Buy Now
Questions 39

If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Options:

A.

the vault will not allow this situation to occur.

B.

only those permissions that exist on the group added to the safe first.

C.

only those permissions that exist in all groups to which the user belongs.

D.

the cumulative permissions of all groups to which that user belongs.

Buy Now
Questions 40

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 41

You have been asked to configure SNMP remote monitoring for your organization's Vault servers. In the PARAgent.ini, which parameter specifies the destination of the Vault SNMP Traps?

Options:

A.

SNMPHostIP

B.

SNMPTrapPort

C.

SNMPCommunity

D.

SNMP Version

Buy Now
Questions 42

The vault supports Subnet Based Access Control.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 43

You have been asked to turn off the time access restrictions for a safe.

Where is this setting found?

Options:

A.

PrivateArk

B.

RestAPI

C.

Password Vault Web Access (PVWA)

D.

Vault

Buy Now
Questions 44

What is the chief benefit of PSM?

Options:

A.

Privileged session isolation

B.

Automatic password management

C.

Privileged session recording

D.

‘Privileged session isolation’ and ‘Privileged session recording’

Buy Now
Questions 45

A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.

What is the issue?

Options:

A.

The user must login as PSMAdminConnect

B.

The PSM service is not running

C.

The user is not a member of the PVWAMonitor group

D.

The user is not a member of the Auditors group

Buy Now
Questions 46

How much disk space do you need on the server for a PAReplicate?

Options:

A.

500 GB

B.

1 TB

C.

same as disk size on Satellite Vault

D.

same as disk size on Primary Vault

Buy Now
Questions 47

What is the easiest way to duplicate an existing platform?

Options:

A.

From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.

B.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

C.

From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.

D.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.

Buy Now
Questions 48

What is a requirement for setting fault tolerance for PSMs?

Options:

A.

Use a load balancer

B.

use a backup solution

C.

CPM must be in all data centers

D.

Install the Vault in an HA Cluster

Buy Now
Questions 49

A Logon Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 50

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

Options:

A.

Operating System Username

B.

Host IP Address

C.

Client Hostname

D.

Operating System Type (Linux/Windows/HP-UX)

E.

Vault IP Address

F.

Time Frame

Buy Now
Questions 51

You are creating a Dual Control workflow for a team’s safe.

Which safe permissions must you grant to the Approvers group?

Options:

A.

List accounts, Authorize account request

B.

Retrieve accounts, Access Safe without confirmation

C.

Retrieve accounts, Authorize account request

D.

List accounts, Unlock accounts

Buy Now
Questions 52

Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?

Options:

A.

Credentials stored in the Vault for the target machine

B.

Shadowuser

C.

PSMConnect

D.

PSMAdminConnect

Buy Now
Questions 53

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Options:

A.

True; this is the default behavior

B.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file

D.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file

Buy Now
Questions 54

It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 55

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account’s password the Central Policy Manager (CPM) will:

Options:

A.

ignore the logon account and attempt to log in as root

B.

prompt the end user with a dialog box asking for the login account to use

C.

log in first with the logon account, then run the SU command to log in as root using the password in the Vault

D.

none of these

Buy Now
Questions 56

You are onboarding an account that is not supported out of the box.

What should you do first to obtain a platform to import?

Options:

A.

Create a service ticket in the customer portal explaining the requirements of the custom platform.

B.

Search common community portals like stackoverflow, reddit, github for an existing platform.

C.

From the platforms page, uncheck the “Hide non-supported platforms” checkbox and see if a platform meeting your needs appears.

D.

Visit the CyberArk marketplace and search for a platform that meets your needs.

Buy Now
Questions 57

Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 58

An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?

Options:

A.

PSMAdminConnect

B.

Shadowuser

C.

PSMConnect

D.

Credentials stored in the Vault for the target machine

Buy Now
Questions 59

Which report provides a list of account stored in the vault.

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Entitlement Report

D.

Active Log

Buy Now
Questions 60

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 61

dbparm.ini is the main configuration file for the Vault.

Options:

A.

True

B.

False

Buy Now
Questions 62

PSM captures a record of each command that was executed in Unix.

Options:

A.

TRIE

B.

FALSE

Buy Now
Exam Code: PAM-CDE-RECERT
Exam Name: CyberArk CDE Recertification
Last Update: Dec 20, 2024
Questions: 207

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now PAM-CDE-RECERT testing engine

PDF (Q&A)

$36.75  $104.99
buy now PAM-CDE-RECERT pdf