New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

PAM-SEN CyberArk Sentry PAM Questions and Answers

Questions 4

You are configuring the Vault to send syslog audit data to your organization’s SIEM solution.

What is a valid value for the SyslogServerProtocol parameter in DBPARM.INI file?

Options:

A.

TLS

B.

SSH

C.

SMTP

D.

SNMP

Buy Now
Questions 5

As Vault Admin, you have been asked to enable your organization's CyberArk users to authenticate using LDAP.

In addition to Audit Users, which permission do you need to complete this task?

Options:

A.

Add Network Areas

B.

Manage Directory Mapping

C.

Add/Update Users

D.

Activate Users

Buy Now
Questions 6

What must you do to synchronize a new Vault server with an organization’s NTP server?

Options:

A.

Configure an AllowNonStandardFWAddresses rule for the organization’s NTP server in DBParm.ini on the Vault server.

B.

Use the Windows Firewall console to configure a rule on the Vault server which allows communication with the organization’s NTP server.

C.

Ensure the organization’s NTP server is installed in the same location as the Vault server requiring synchronization.

D.

Update the AutoSyncExternalObjects configuration in DBParm.ini on the Vault server to schedule regular synchronization.

Buy Now
Questions 7

What is a step to enable NTP synchronization on a stand-alone Vault?

Options:

A.

Run Powershell and add the NTP module.

B.

Restart the organization's NTP servers.

C.

Edit dbparm.ini and add a Firewall rule for the NTP address.

D.

Restart the Vault Event Notification Engine service.

Buy Now
Questions 8

What are the basic network requirements to deploy a CPM server?

Options:

A.

Port 1858 to Vault and Port 443 to PVWA

B.

Port 1858 only

C.

all ports to the Vault

D.

Port UDP/1858 to Vault and all required ports to targets and Port 389 to the PSM

Buy Now
Questions 9

Which configuration file and Vault utility are used to migrate the server key to an HSM?

Options:

A.

DBparm.ini and CAVaultManager.exe

B.

VaultKeys.ini and CAVaultManager.exe

C.

DBparm.ini and ChangeServerKeys.exe

D.

VaultKeys.ini and ChangeServerKeys.exe

Buy Now
Questions 10

This value needs to be added to the PVWA configuration file:

Assuming all CyberArk PVWA servers were installed using default paths/folders, which configuration file should you locate and edit to accomplish this?

Options:

A.

c:\inetpub\wwwroot\passwordvault\web.config

B.

c:\inetpub\wwwroot\passwordvault\services\web.config

C.

c:\cyberark\password vault web access\env\web.config

D.

c:\program files\cyberark\password vault web access\web.config

Buy Now
Questions 11

Which file would you modify to configure your Vault Server to forward Activity Logs to a SIEM or SYSLOG server?

Options:

A.

dbparm.ini

B.

PARagent.ini

C.

ENEConf.ini

D.

padr.ini

Buy Now
Questions 12

You are installing PSM for SSH with AD-Bridge and CyberArkSSHD mode set to integrated for your customer.

Which additional packages do you need to install to meet the customer’s needs? (Choose two.)

Options:

A.

CARKpsmp-infra

B.

libssh

C.

OpenSSH 7.8 or higher

D.

CARKpsmp-ADBridge

E.

CARKpsmp-SSHD

Buy Now
Questions 13

A stand alone Vault server requires DNS services to operate properly.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 14

Which user is enabled when replicating data between active and stand-by Vaults?

Options:

A.

DR

B.

Backup

C.

Operator

D.

Auditor

Buy Now
Questions 15

Which statement is correct about CPM behavior in a distributed Vault environment?

Options:

A.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until another Vault is promoted as the new primary Vault.

B.

CPMs should access only the satellite Vaults.

C.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until the original primary Vault is operational again.

D.

CPM should access all Vaults - primary and the satellite.

Buy Now
Questions 16

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? Choose all that apply

Options:

A.

Store the CD in a physical safe and mount the CD every time vault maintenance is performed.

B.

Copy the contents of the CD to the System Safe on the vault

C.

Copy the contents of the CD to a folder on the vault server and secure it with NTFS permissions.

D.

Store the server key in a Hardware Security Module.

E.

Store the server key in the Provider cache

Buy Now
Questions 17

In which configuration file do you add LoadBalancerClientAddressHeader when you enable x-forwarding on the PVWA loadbalancer?

Options:

A.

PVconfiguration.xml

B.

web.config

C.

apigw.ini

D.

CyberArkScheduledTasks.exe.config

Buy Now
Questions 18

When configuring RADIUS authentication, which utility is used to create a file containing an encrypted version of the RADIUS secret?

Options:

A.

CAVaultManager

B.

CACert

C.

CreateAuthFile

D.

CreateCredFile

Buy Now
Questions 19

You are successfully managing passwords in the alpha cyberark com domain; however, when you attempt to manage a password in the beta cyberark com domain, you receive the 'network path not found' error. What should you check first?

Options:

A.

That the username and password are correct

B.

That the CPM can successfully resolve addresses in the beta cyberark com domain

C.

That the end user has the correct permissions on the safe.

D.

That an appropriate trust relationship exists between alpha.cyberark com and beta cyberark.com

Buy Now
Questions 20

The primary purpose of the CPM is Password Management.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 21

What is the default username for the PSM for SSH maintenance user when InstallCyberarkSSHD is set to yes?

Options:

A.

proxymng

B.

psmp_maintenance

C.

psmpmaintenanceuser

D.

psmpmnguser

Buy Now
Questions 22

You are designing the number of PVWAs a customer must deploy. The customer has three data centers with a distributed Vault in each, requires high availability, and wants to use all Vaults at all times.

How many PVWAs does the customer need?

Options:

A.

six or more

B.

four

C.

two or less

D.

three

Buy Now
Questions 23

All 80 employees from your satellite Tokyo office are complaining that browsing the PVWA site is very slow; however, your New York headquarters users are not experiencing this. The current PAM solution is:

2 distributed Vaults, the primary one in New York and a satellite in Tokyo

2 PVWA servers, both in New York with load balancing configured

2 PSM servers, both in New York without load balancing configured

1 CPM server in New York

All PVWA, PSM, and CPM servers are connected to the primary Vault

Which proposal optimally resolves the performance issue while minimizing the impact to production?

Options:

A.

Install two new PVWA servers in Tokyo data center, configure load balancing, connect to the local satellite Vault and provide the URL of new PVWA servers to the local employees.

B.

Install two new PVWA servers in New York data center, configure load balancing and have them connect to the satellite Vault in Tokyo.

C.

Install two new PSM servers in the Tokyo data center, configure load balancing, connect to the local satellite vault, and inform the local employees to browse using the same PVWA URL.

D.

Change the current distributed Vaults architecture, migrate back to a Primary-DR architecture, install two new PVWA servers in the Tokyo data center and configure load balancing. Connect to the local DR Vault and provide the URL of new PVWA servers to the local employees.

Buy Now
Questions 24

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:

A.

Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent. Most Voted

C.

In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.

Buy Now
Questions 25

Which component should be installed on the Vault if Distributed Vaults are used with PSM?

Options:

A.

RabbitMQ

B.

Disaster Recovery

C.

Remote Control Client

D.

Distributed Vault Server

Buy Now
Questions 26

Your customer wants to store the Safes Data on Vault Drive D instead of Drive C.

Which file should you edit?

Options:

A.

TSparm.ini Most Voted

B.

Vault.ini

C.

DBparm.ini

D.

user.ini

Buy Now
Questions 27

In a SIEM integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es)

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

In large-scale environments, it is important to enable the CPM to focus its search operations on specific Safes instead of scanning all Safes it sees in the Vault.

How is this accomplished?

Options:

A.

Administration Options > CPM Settings

B.

AllowedSafe Parameter on each platform policy

C.

MaxConcurrentConnection parameter on each platform policy

D.

Administration > Options > CPM Scanner

Buy Now
Questions 29

When SAML authentication is used to sign in to the PVWA, which service performs the actual authentication?

Options:

A.

Active Directory (AD)

B.

Identity Provider (IdP) Most Voted

C.

Service Provider (SP)

D.

CyberArk Password Vault Web Access (PVWA)

Buy Now
Questions 30

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.

Which file should you update to allow this to run?

Options:

A.

PSMConfigureAppLocker.xml

B.

PSMHardening.xml

C.

PSMAppConfig.xml

D.

PSMConfigureHardening.xml

Buy Now
Questions 31

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 32

What is a prerequisite step before installing the Vault on Windows 2019?

Options:

A.

Configure the Kerberos authentication method on the default IIS Application pool

B.

Check that the server IP address is correctly configured and that it is static

C.

In the Network Connection properties, configure Preferred DNS Servers

D.

Install Microsoft Windows patch KB4014998

Buy Now
Questions 33

You are setting up a Linux host to act as an HTML 5 gateway for PSM sessions.

Which servers need to be trusted by the Linux host to secure communications through the gateway?

Options:

A.

PSM and PVWA

B.

PSM and CPM

C.

PVWA and Vault

D.

Vault and PSM

Buy Now
Questions 34

CyberArk User Neil is trying to connect to the Target Linux server 192.168.1.164 using a domain account ACME/linuxuser01 on domain acme.corp using PSM for SSH server 192.168.65.145.

What is the correct syntax?

Options:

A.

ssh neil@linuxuser01:acme.corp@192.168.1.164@192.168.65.145

B.

ssh neil@linuxuser01#acme.corp@192.168.1.164@192.168.65.145 Most Voted

C.

ssh neil@linuxuser01@192.168.1.164@192.168.65.145

D.

ssh neil@linuxuser01@acme.corp@192.168.1.164@192.168.65.145

Buy Now
Questions 35

Which of the following are supported authentication methods for CyberArk? Check all that apply

Options:

A.

CyberArk Password (SRP)

B.

LDAP

C.

SAML

D.

PKI

E.

RADIUS

F.

OracleSSO

G.

Biometric

Buy Now
Questions 36

In order to avoid conflicts with the hardening process, third party applications like Antivirus and Backup Agents should be installed on the Vault server before installing the Vault.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 37

The account used to install a PVWA must have ownership of which safes? (Choose two.)

Options:

A.

VaultInternal

B.

PVWAConfig

C.

System

D.

Notification Engine

E.

PVWAReports

Buy Now
Questions 38

You want to change the name of the PVWAappuser of the second PVWA server.

Which steps are part of the process? (Choose two.)

Options:

A.

Update PVWA.ini with new user name

B.

Update Vault.ini with new user name

C.

Create new user in PrivateArk

D.

Rename user in PrivateArk

E.

Create new cred file for user

Buy Now
Questions 39

Which pre-requisite step must be completed before installing a Vault?

Options:

A.

Join the server to a domain.

B.

Install a clean operating system.

C.

Install antivirus software.

D.

Copy the master CD to a folder on the Vault server.

Buy Now
Questions 40

How should you configure PSM for SSH to support load balancing?

Options:

A.

by using a network load balancer Most Voted

B.

in PVWA > Options > PSM for SSH Proxy > Servers

C.

in PVWA > Options > PSM for SSH Proxy > Servers > VIP

D.

by editing sshd.config on the all the PSM for SSH servers

Buy Now
Exam Code: PAM-SEN
Exam Name: CyberArk Sentry PAM
Last Update: Dec 20, 2024
Questions: 136

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now PAM-SEN testing engine

PDF (Q&A)

$36.75  $104.99
buy now PAM-SEN pdf