New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

PAM-SEN Questions and Answers

Question # 6

The account used to install a PVWA must have ownership of which safes? (Choose two.)

A.

VaultInternal

B.

PVWAConfig

C.

System

D.

Notification Engine

E.

PVWAReports

Full Access
Question # 7

Your customer wants to store the Safes Data on Vault Drive D instead of Drive C.

Which file should you edit?

A.

TSparm.ini Most Voted

B.

Vault.ini

C.

DBparm.ini

D.

user.ini

Full Access
Question # 8

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.

Which file should you update to allow this to run?

A.

PSMConfigureAppLocker.xml

B.

PSMHardening.xml

C.

PSMAppConfig.xml

D.

PSMConfigureHardening.xml

Full Access
Question # 9

As Vault Admin, you have been asked to enable your organization's CyberArk users to authenticate using LDAP.

In addition to Audit Users, which permission do you need to complete this task?

A.

Add Network Areas

B.

Manage Directory Mapping

C.

Add/Update Users

D.

Activate Users

Full Access
Question # 10

Which step is required to register a Vault manually in Amazon Web Services using CAVaultManager?

A.

Specify Amazon as the cloud vendor using the /CloudVendor Flag

B.

After running the postinstall utility, restart the "PrivateArk Server" service

C.

Specify the Cloud region using the /CloudRegion flag

D.

Specify whether the Vault is distributed or stand alone

Full Access
Question # 11

The PrivateArk clients allows a user to view the contents of the vault like a filesystem.

A.

TRUE

B.

FALSE

Full Access
Question # 12

What is the best practice for storing the Master CD?

A.

Copy the files to the Vault server and discard the CD.

B.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

C.

Store the CD in a secure location, such as a physical safe.

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder (secured with NTFS permissions} on the vault.

Full Access
Question # 13

A customer has five main data centers with one PVWA in each center under different URLs.

How can you make this setup fault tolerant?

A.

This setup is already fault tolerant.

B.

Install more PVWAs in each data center.

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered.

D.

Load balance all PVWAs under same URL.

Full Access
Question # 14

You have been asked to limit a platform called “Windows_Servers” to safes called “WindowsDC1” and “WindowsDC2”. The platform must not be assigned to any other safe.

What is the correct way to accomplish this?

A.

Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select General and modify “AllowedSafes” to be (WindowsDC1)|(WindowsDC2).

B.

Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select Options and modify “AllowedSafes” to be (Win*).

C.

Edit the “WindowsDC1” and “WindowsDC2” safes through Safe Management, Add “Windows_Servers” to the “AllowedPlatforms”.

D.

Log in to PrivateArk using an Administrative user, Select File, Server File Categories, Locate the category “WindowsServersAllowedSafes” and specify “WindowsDC1,WindowsDC2”.

Full Access
Question # 15

What is a valid combination of primary and secondary layers of authentication to a company's two-factor authentication policy?

A.

RSA SecurID Authentication (in PVWA) and LDAP Authentication

B.

CyberArk Authentication and RADIUS Authentication

C.

Oracle SSO (in PVWA) and SAML Authentication

D.

LDAP Authentication and RADIUS Authentication

Full Access
Question # 16

Which pre-requisite step must be completed before installing a Vault?

A.

Join the server to a domain.

B.

Install a clean operating system.

C.

Install antivirus software.

D.

Copy the master CD to a folder on the Vault server.

Full Access
Question # 17

What would be a good use case for a High Availability vault?

A.

Recovery Time Objectives or Recovery Point Objectives are at or near zero.

B.

Integration with an Enterprise Backup Solution is required.

C.

Off site replication is required

D.

PSM is used.

Full Access
Question # 18

What is the name of the account used to establish the initial RDP session from the end user client machine to the PSM server?

A.

PSMConnect

B.

PSMAdminConnect

C.

PSM

D.

The credentials the end user retrieved from the vault

Full Access
Question # 19

You want to add an additional maintenance user on the PSM for SSH.

How can you accomplish this if InstallCyberarkSSHD is set to Integrated?

A.

Create a local user and add it to the PSMMaintenance Group.

B.

Create a local user called proxymng.

C.

Create a local user and add it to group configured for the parameter AllowGroups in the /etc/sshd_config file

D.

Create a local user, called psmpmng.

Full Access
Question # 20

There is a requirement for a password to change between 01:00 and 03:00 on Saturdays and Sundays; however, this does not work consistently.

Which platform setting may be the cause?

A.

The Interval setting for the platform is incorrect and must be less than 120.

B.

The ImmediateInterval setting for the platform is incorrect and must be greater than or equal to 1.

C.

The DaysToRun setting for the platform is incorrect and must be set to Sat,Sun.

D.

The HeadStartInterval setting for the platform is incorrect and must be set to 0.

Full Access
Question # 21

Which statement about REST API is correct? (Choose two.)

A.

When a user successfully authenticates to the Vault, an authentication token is returned. Most Voted

B.

REST API Windows authentication method allows skipping the logon API by using the Windows default credentials with a Kerberos ticket.

C.

To allow High Availability, REST API can be configured to support Session Load Balancing by editing the PVConfiguration.xml and setting the AllowPVWASessionRedandancy=Yes.

D.

Each REST API call requires that a valid authentication token be provided. Most Voted

E.

REST calls are directly sent to the currently active Vault using Port 1858.

Full Access
Question # 22

Does CyberArk need service accounts on each server to change passwords?

A.

Yes. it requires a domain administrator account to change any password on any server.

B.

Yes. it requires a local administrator account on any Windows server and a root level account on any Unix server.

C.

No. passwords are changed by the Password Provider Agent.

D.

No. the CPM uses the account information stored in the vault to login and change the account's password using its own credentials

Full Access
Question # 23

Which configuration file and Vault utility are used to migrate the server key to an HSM?

A.

DBparm.ini and CAVaultManager.exe

B.

VaultKeys.ini and CAVaultManager.exe

C.

DBparm.ini and ChangeServerKeys.exe

D.

VaultKeys.ini and ChangeServerKeys.exe

Full Access
Question # 24

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

A.

TRUE

B.

FALSE

Full Access
Question # 25

In an SMTP integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SMTP server address(es)

A.

TRUE

B.

FALSE

Full Access
Question # 26

The connect button requires PSM to work.

A.

TRUE

B.

FALSE

Full Access
Question # 27

Which of the following are prerequisites for installing PVWA Check all that Apply.

A.

Web Services Role

B.

NET 4.5.1 Framework Feature

C.

Remote Desktop Services Role

D.

Windows BitLocker

Full Access
Question # 28

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? Choose all that apply

A.

Store the CD in a physical safe and mount the CD every time vault maintenance is performed.

B.

Copy the contents of the CD to the System Safe on the vault

C.

Copy the contents of the CD to a folder on the vault server and secure it with NTFS permissions.

D.

Store the server key in a Hardware Security Module.

E.

Store the server key in the Provider cache

Full Access
Question # 29

At what point is a transparent user provisioned in the vault?

A.

When a directory mapping matching that user id is created.

B.

When a vault admin runs LDAP configuration wizard.

C.

The first time the user logs in.

D.

During the vault's nightly LD|^P refresh

Full Access
Question # 30

A vault admin received an email notification that a password verification process has failed Which service sent the message?

A.

The PrivateArk Server Service on the Vault.

B.

The CyberArk Password Manager service on the Components Server.

C.

The CyberArk Event Notification Engine Service on the Vault

D.

The CyberArk Privileged Session Manager service on the Vault.

Full Access
Question # 31

In large-scale environments, it is important to enable the CPM to focus its search operations on specific Safes instead of scanning all Safes it sees in the Vault.

How is this accomplished?

A.

Administration Options > CPM Settings

B.

AllowedSafe Parameter on each platform policy

C.

MaxConcurrentConnection parameter on each platform policy

D.

Administration > Options > CPM Scanner

Full Access
Question # 32

Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation?

A.

255.255.255.255

B.

8.8.8.8

C.

192.168.1.1

D.

1.1.1.1

Full Access
Question # 33

You are successfully managing passwords in the alpha cyberark com domain; however, when you attempt to manage a password in the beta cyberark com domain, you receive the 'network path not found' error. What should you check first?

A.

That the username and password are correct

B.

That the CPM can successfully resolve addresses in the beta cyberark com domain

C.

That the end user has the correct permissions on the safe.

D.

That an appropriate trust relationship exists between alpha.cyberark com and beta cyberark.com

Full Access
Question # 34

What is the default username for the PSM for SSH maintenance user when InstallCyberarkSSHD is set to yes?

A.

proxymng

B.

psmp_maintenance

C.

psmpmaintenanceuser

D.

psmpmnguser

Full Access
Question # 35

Which authentication methods does PSM for SSH support?

A.

CyberArk password LDAP, RADIUS, SAML

B.

LDAP, Windows Authentication, SSH keys

C.

RADIUS, Oracle SSO, CyberArk Password

D.

CyberArk Password, LDAP, RADIUS

Full Access
Question # 36

What is the purpose of the CPM_Preinstallation.ps1 script included with the CPM installation package?

A.

It prompts for input parameters that will be used to pre-populate form fields in the installation wizard.

B.

It automatically installs the CPM, requiring no additional user input.

C.

It allows you to install the CPM using a command line approach rather than using the installation wizard.

D.

It verifies the NET version installed on the server and sets the IIS SSL TLS server configuration.

Full Access
Question # 37

You are beginning the post-install process after a manual PSM installation is completed.

What must you do?

A.

Disable screen saver for the PSM local users.

B.

Create a new group called PSMShadowUsers.

C.

Reset the PSMAdminConnect user password.

D.

Enable load balancing on the PSM server.

Full Access
Question # 38

In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA_Hardening.ps1 perform when run? (Choose two.)

A.

performs IIS hardening

B.

configures all group policy settings

C.

renames the local Administrator Account

D.

configures Windows Firewall

E.

imports the CyberArk INF configuration

Full Access
Question # 39

A stand alone Vault server requires DNS services to operate properly.

A.

TRUE

B.

FALSE

Full Access
Question # 40

What authentication methods can be implemented to enforce Two-Factor Authentication (2FA) for users authenticating to CyberArk using both the PVWA (through the browser) and the PrivateArk Client?

A.

LDAP and RADIUS Most Voted

B.

CyberArk and RADIUS

C.

SAML and Cyber Ark

D.

SAML and RADIUS

Full Access