New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CAU302 Questions and Answers

Question # 6

When managing SSH keys, the Central Policy Manager (CPM) stores the private key.

A.

in the Vault

B.

on the target server

C.

in the Vault and on the target server

D.

nowhere because the private key can always be generated from the public key

Full Access
Question # 7

When working with the CyberArk High Availability Cluster, which services are running on the passive node?

A.

Cluster Vault Manager and PrivateArk Database

B.

Cluster Vault Manager, PrivateArk Database and Remote Control Agent

C.

Cluster Vault Manager

D.

Cluster Vault Manager and Remote Control Agent

Full Access
Question # 8

What are the functions of the Remote Control Agent service? (Choose all that apply.)

A.

Allows remote monitoring of the Vault

B.

Sends SNMP traps from the Vault

C.

Maintains audit data

D.

Allows CyberArk Services to be managed (start/stop/status) remotely

Full Access
Question # 9

A Simple Network Management Protocol (SNMP) integration allows the Vault administrator to forward ITALOG records to a monitoring solution.

A.

True

B.

False

Full Access
Question # 10

What is the primary purpose of Exclusive Accounts?

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Full Access
Question # 11

What is the proper way to allow the Vault to resolve host names?

A.

Define a DNS server.

B.

Define a WINS server.

C.

Define the local hosts file.

D.

The Vault cannot resolve host names due to security standards.

Full Access
Question # 12

Where do you configure in PVWA the fully-qualified domain name (FQDN) of your target email server during SMTP integration?

A.

PVWA > Platform Management > Notification Settings

B.

PVWA > Options > Notification Settings

C.

PVWA > Administration > Notification Settings

D.

PVWA > LDAP Integartion > Notification Settings

Full Access
Question # 13

Is it possible to modify the CyberArk Vault Audit Log?

A.

Yes, a Vault administrator can modify the Audit log

B.

No, the audit trail is tamper proof and cannot be edited, not even by Master

C.

Yes, but only the Master user can modify the Audit log

D.

Yes, a Vault administrator can edit the Audit log but only with explicit permission from CyberArk

Full Access
Question # 14

Which file is used to integrate the Vault with your Radius server?

A.

radius.ini

B.

paragent ini

C.

ENEConf.ini

D.

dbparm.ini

Full Access
Question # 15

When working with the CyberArk Disaster Recovery (DR) solution, which services should be running on the DR Vault?

A.

CyberArk Vault Disaster Recovery (DR), PrivateArk Database

B.

CyberArk Vault Disaster Recovery

C.

CyberArk Vault Disaster Recovery, PrivateArk Database, PrivateArk Server

D.

CyberArk Vault Disaster Recovery, PrivateArk Database, CyberArk Event Notification Engine

Full Access
Question # 16

Which of these accounts onboarding methods is considered proactive?

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Full Access
Question # 17

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Full Access
Question # 18

In Accounts Discovery, you can configure a Windows discovery to scan______________.

A.

as many OUs as you wish

B.

up to three OUs.

C.

only one OU.

D.

a number of OUs determined by the OUstoScan setting under the Accounts Feed section in the Administration tab

Full Access
Question # 19

A SIEM integration allows you to forward audit records to a monitoring solution.

A.

TRUE

B.

FALSE

Full Access
Question # 20

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

A.

TRUE

B.

FALSE

Full Access
Question # 21

The vault supports a number of dual factor authentication methods.

A.

TRUE

B.

FALSE

Full Access
Question # 22

To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers need to be configured to communicate with the Primary Vault and Satellite Vaults. What file needs to be changed on the PVWA to enable this setup?

A.

Vault.ini

B.

dbparm.ini

C.

pvwa.ini

D.

Satellite.ini

Full Access
Question # 23

What is the purpose of the password Reconcile process?

A.

To test that CyberArk is storing accurate credentials for accounts.

B.

To change the password of an account according to organizationally defined password rules.

C.

To allow CyberArk to manage unknown or lost credentials.

D.

To generate a new complex password.

Full Access
Question # 24

In order to grant a permission to a user, and administrator MUST possess that permission.

A.

True

B.

False

Full Access
Question # 25

Which is the correct order of installation for PAS components?

A.

Vault. CPM. PVWA. PSM

B.

CPM, Vault. PSM. PVWA

C.

Vault, CPM. PSM, PVWA

D.

PVWA, Vault, CPM. PSM

Full Access
Question # 26

Name two ways of viewing the ITAlog:

A.

Log into the vault locally and navigate to the Server folder under the PrivateArk install location.

B.

Log into the PVWA and go to the Reports tab.

C.

Access the System Safe from the PrivateArk client.

D.

Go to the Thirdpary log directory on the CPM

Full Access
Question # 27

It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

A.

TRUE

B.

FALSE

Full Access
Question # 28

What is the purpose of the PrivateArk Database service?

A.

Maintains Vault metadata.

B.

Communicates with components.

C.

Sends email alerts from the vault ID.

D.

Executes password changes

Full Access
Question # 29

Time of day of week restrictions on when password changes can occur are configured in ________________.

A.

The Master Policy

B.

The Platform settings

C.

The Safe settings

D.

The Account Details

Full Access
Question # 30

Which of the following options is not set in the Master Policy?

A.

Password Expiration Date

B.

Dual Control

C.

Password Complexity

D.

Require Access Reason

Full Access
Question # 31

Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

A.

Suspected Credential Theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged Privileged Access

Full Access
Question # 32

Which service is optional on the Vault?

A.

PrivateArk Server

B.

PrivateArk Remote Control Agent

C.

PrivateArk Database

D.

CyberArk Hardened Windows Firewall

Full Access
Question # 33

Users complain they are unsuccessful attempting to authenticate to the PVWA web site. After entering their

credentials, they receive a “Timeout has expired”. You test the URL using multiple browsers and receive the

same error. The CyberArk.WebApplication.log shows the “ITACM012S Timeout has expired” log entry.

What is the next troubleshooting step you should take?

A.

Run an IISRESET on the PVWA server

B.

Check the CyberArk.WebConsole.log for errors

C.

Check network firewall rules to ensure the PVWA can communicate to the Vault over tcp_1858

D.

Check the health of the Vault Server and ensure all services are running

Full Access
Question # 34

The Accounts Feed contains:

A.

Accounts that were discovered by CyberArk in the last 30 days

B.

Accounts that were discovered by CyberArk that have not yet been onboarded

C.

All accounts added to the vault in the last 30 days

D.

All users added to CyberArk in the last 30 days

Full Access
Question # 35

When managing SSH keys. CPM automatically pushes the Public Key to the target system.

A.

TRUE

B.

FALSE

Full Access