PAM-CDE-RECERT CyberArk CDE Recertification Questions and Answers

The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

What is the purpose of the PrivateArk Server service?

After installing the first PSM server and before installing additional PSM servers you must ensure the user performing the installation is not a direct owner of which safe?

Match each component to its respective Log File location.

You are creating a new Rest API user that utilizes CyberArk Authentication.

What is a correct process to provision this user?

You are helping a customer prepare a Windows server for PSM installation. What is required for a successful installation?

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

A customer installed multiple PVWAs in the production environment behind a load balancer VIP. They subsequently observed that all incoming traffic from the load balancer VIP goes to only one PVWA, even though all the PVWAs are up and running. What could be the likely cause of this situation?

You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.

What do you need to recover and decrypt the object? (Choose three.)

The vault supports Role Based Access Control.

What is the purpose of the PrivateArk Database service?

Which parameter must be provided when registering a primary Vault in Azure, but not in Amazon Web Services''

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

A logon account can be specified in the platform settings.

Which configuration file and Vault utility are used to migrate the server key to an HSM?

Which item is an option for PSM recording customization?

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

dbparm.ini is the main configuration file for the Vault.

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.

What is the correct location to identify users or groups who can approve?

It is possible to control the hours of the day during which a user may log into the vault.

Which of the Following can be configured in the Master Poky? Choose all that apply.

Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

As vault Admin you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

Which Automatic Remediation is configurable for a PTA detection of a “Suspected Credential Theft”?

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Which component must be installed on the Vault if Distributed Vaults is used with PSM?

What is the default username for the PSM for SSH maintenance user?

You have been asked to design the number of PVWAs a customer must deploy. The customer has three data centers with a distributed vault in each, requires high availability, and wants to use all vaults, at all times. How many PVWAs does the customer need?

In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.

What is the issue?

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

Which browser is supported for PSM Web Connectors developed using the CyberArk Plugin Generator Utility (PGUP

Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Which step is required to register a Vault manually in Amazon Web Services using CAVaultManager?

Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Match the log file name with the CyberArk Component that generates the log.

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Which of the following PTA detections are included in the Core PAS offering?

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

What is the purpose of a linked account?

In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.

What is the least intrusive way to accomplish this?

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

What is the primary purpose of Dual Control?

A customer is deploying PVWAs in the Amazon Web Services Public Cloud. Which load balancing option does CyberArk recommend?

What is the purpose of the password change process?

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Match the connection component to the corresponding OS/Function.

Your customer has five main data centers with one PVWA in each center under different URLs. How can you make this setup fault tolerant?

What is the primary purpose of One Time Passwords?

When managing SSH keys, the CPM stored the Private Key

A customer's environment three data centers, consisting of 5,000 servers in Germany, 10,000 servers in Canada, 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPM's should you deploy?

Which user is automatically added to all Safes and cannot be removed?

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?