PAM-CDE-RECERT Questions and Answers

The System safe allows access to the Vault configuration files.

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

It is possible to control the hours of the day during which a user may log into the vault.

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?

How does the Vault administrator apply a new license file?

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

Your organization has a requirement to allow users to “check out passwords” and connect to targets with the same account through the PSM.

What needs to be configured in the Master policy to ensure this will happen?

Which of these accounts onboarding methods is considered proactive?

When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

A customer is deploying PVWAs in the Amazon Web Services Public Cloud. Which load balancing option does CyberArk recommend?

You are logging into CyberArk as the Master user to recover an orphaned safe.

Which items are required to log in as Master?

Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How should this be configured to allow for password management using least privilege?

A Logon Account can be specified in the Master Policy.

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

Which of the following options is not set in the Master Policy?

When creating an onboarding rule, it will be executed upon .

You are configuring the vault to send syslog audit data to your organization's SIEM solution. What is a valid value for the SyslogServerProtocol parameter in DBPARM.ini file?

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.