New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

PAM-CDE-RECERT Questions and Answers

Question # 6

The System safe allows access to the Vault configuration files.

A.

TRUE

B.

FALS

Full Access
Question # 7

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Full Access
Question # 8

It is possible to control the hours of the day during which a user may log into the vault.

A.

TRUE

B.

FALSE

Full Access
Question # 9

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Full Access
Question # 10

Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?

A.

Credentials stored in the Vault for the target machine

B.

Shadowuser

C.

PSMConnect

D.

PSMAdminConnect

Full Access
Question # 11

How does the Vault administrator apply a new license file?

A.

Upload the license.xml file to the system Safe and restart the PrivateArk Server service

B.

Upload the license.xml file to the system Safe

C.

Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service

D.

Upload the license.xml file to the Vault Internal Safe

Full Access
Question # 12

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

A.

True

B.

False

Full Access
Question # 13

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

A.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.

Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.

Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

Full Access
Question # 14

Your organization has a requirement to allow users to “check out passwords” and connect to targets with the same account through the PSM.

What needs to be configured in the Master policy to ensure this will happen?

A.

Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

B.

Enforce check-in/check-out exclusive access = inactive; Require privileged session monitoring and isolation = inactive

C.

Enforce check-in/check-out exclusive access = inactive; Record and save session activity = active

D.

Enforce check-in/check-out exclusive access = active; Record and save session activity = inactive

Full Access
Question # 15

Which of these accounts onboarding methods is considered proactive?

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Full Access
Question # 16

When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

A.

Any one person from that group

B.

Every person from that group

C.

The number of persons specified by the Master Policy

D.

That access cannot be granted to groups

Full Access
Question # 17

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

A.

Platform

B.

Connection Component

C.

CPM

D.

Vault

Full Access
Question # 18

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

A.

Select Update on the CyberArk group, and then click Add > LDAP Group

B.

Select Update on the LDAP Group, and then click Add > LDAP Group

C.

Select Member Of on the CyberArk group, and then click Add > LDAP Group

D.

Select Member Of on the LDAP group, and then click Add > LDAP Group

Full Access
Question # 19

A customer is deploying PVWAs in the Amazon Web Services Public Cloud. Which load balancing option does CyberArk recommend?

A.

Network Load Balancer

B.

Classic Load Balancer

C.

HTTPS load balancer

D.

Public standard load balancer

Full Access
Question # 20

You are logging into CyberArk as the Master user to recover an orphaned safe.

Which items are required to log in as Master?

A.

Master CD, Master Password, console access to the Vault server, Private Ark Client

B.

Operator CD, Master Password, console access to the PVWA server, PVWA access

C.

Operator CD, Master Password, console access to the Vault server, Recover.exe

D.

Master CD, Master Password, console access to the PVWA server, Recover.exe

Full Access
Question # 21

Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

A.

TRUE

B.

FALS

Full Access
Question # 22

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

A.

PSMConnect

B.

PSMMaster

C.

PSMGwUser

D.

PSMAdminConnect

Full Access
Question # 23

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

A.

True

B.

False, the PTA can suspend sessions whether the session is made via the PSM or not

Full Access
Question # 24

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How should this be configured to allow for password management using least privilege?

A.

Configure each CPM to use the correct logon account.

B.

Configure each CPM to use the correct reconcile account.

C.

Configure the UNIX platform to use the correct logon account.

D.

Configure the UNIX platform to use the correct reconcile account.

Full Access
Question # 25

A Logon Account can be specified in the Master Policy.

A.

TRUE

B.

FALSE

Full Access
Question # 26

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

A.

PSM-SSH Connection Component

B.

UnixPrompts.ini

C.

UnixProcess.ini

D.

PSM-RDP Connection Component

Full Access
Question # 27

Which of the following options is not set in the Master Policy?

A.

Password Expiration Time

B.

Enabling and Disabling of the Connection Through the PSM

C.

Password Complexity

D.

The use of “One-Time-Passwords”

Full Access
Question # 28

When creating an onboarding rule, it will be executed upon .

A.

All accounts in the pending accounts list

B.

Any future accounts discovered by a discovery process

C.

Both “All accounts in the pending accounts list” and “Any future accounts discovered by a discovery process”

Full Access
Question # 29

You are configuring the vault to send syslog audit data to your organization's SIEM solution. What is a valid value for the SyslogServerProtocol parameter in DBPARM.ini file?

A.

TLS

B.

SSH

C.

SMTP

D.

SNMP

Full Access
Question # 30

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

A.

Export Vault Data

B.

Export Vault Information

C.

PrivateArk Client

D.

Privileged Threat Analytics

Full Access
Question # 31

Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

A.

TRUE

B.

FALSE

Full Access