Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.

A.

TRUE

B.

FALSE

Full Access
Question # 5

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

A.

TRUE

B.

FALSE

Full Access
Question # 6

CyberArk user Neil is trying to connect to the Target Linux server 192.168.1.64 using a domain account ACME/linuxuser01 on Domain Acme.corp using PSM for SSH server 192.168.65.145. What is the correct syntax?

A.

Ssh neil@linuxuser01:acme.corp@192.168.1.64@192.168.1.45

B.

Ssh neil@linuxuser01#acme.corp@192.168.1.64@192.168.1.45

C.

Ssh neil@linuxuser01@192.168.1.64@192.168.65.145

D.

Ssh neil@linuxuser01@acme.corp@192.168.1.64@192.168.1.45

Full Access
Question # 7

Your customer has five main data centers with one PVWA in each center under different URLs. How can you make this setup fault tolerant?

A.

This setup is already fault tolerant

B.

Install more PVWAs in each data center

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered

D.

Load balance all PVWAs under same urL

Full Access
Question # 8

Which is the primary purpose of exclusive accounts?

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Full Access
Question # 9

Which of the following components can be used to create a tape backup of the Vault?

A.

Disaster Recovery

B.

Distributed Vaults

C.

Replicate

D.

High Availability

Full Access
Question # 10

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

A.

on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

B.

on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Full Access
Question # 11

Which report could show all accounts that are past their expiration dates?

A.

Privileged Account Compliance Status report

B.

Activity log

C.

Privileged Account Inventory report

D.

Application Inventory report

Full Access
Question # 12

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Full Access
Question # 13

What is the chief benefit of PSM?

A.

Privileged session isolation

B.

Automatic password management

C.

Privileged session recording

D.

‘Privileged session isolation’ and ‘Privileged session recording’

Full Access
Question # 14

An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?

A.

PSMAdminConnect

B.

Shadowuser

C.

PSMConnect

D.

Credentials stored in the Vault for the target machine

Full Access
Question # 15

Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

A.

PAR Agent

B.

PrivateArk Server Central Administration

C.

Edit DBParm.ini in a text editor.

D.

Setup.exe

Full Access
Question # 16

Which of the following logs contains information about errors related to PTA?

A.

ITAlog.log

B.

diamond.log

C.

pm_error.log

D.

WebApplication.log

Full Access
Question # 17

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

A.

Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.

C.

In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.

Full Access
Question # 18

If a customer has one data center and requires high availability, how many PVWA's should be deployed.

A.

Two

B.

One PVWA cluster

C.

One

D.

Two PVWA Cluster

Full Access
Question # 19

When on-boarding account using Accounts Feed, Which of the following is true?

A.

You must specify an existing Safe where are account will be stored when it is on boarded to the Vault

B.

You can specify the name of a new sale that will be created where the account will be stored when it is on-boarded to the Vault.

C.

You can specify the name of a new Platform that will be created and associated with the account

D.

Any account that is on boarded can be automatically reconciled regardless of the platform it is associated with.

Full Access
Question # 20

A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.

What is the correct location to identify users or groups who can approve?

A.

PVWA> Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control> Approvers

B.

PVWA> Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests

C.

PVWA> Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers

D.

PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership)

Full Access
Question # 21

Which usage can be added as a service account platform?

A.

Kerberos Tokens

B.

IIS Application Pools

C.

PowerShell Libraries

D.

Loosely Connected Devices

Full Access
Question # 22

In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA?

A.

PVWAMonitor

B.

ReportUsers

C.

PVWAReports

D.

Operators

Full Access
Question # 23

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to [b]change [/b] the root account’s password the CPM will…..

A.

Log in to the system as root, then change root's password

B.

Log in to the system as the logon account, then change roofs password

C.

Log in to the system as the logon account, run the su command to log in as root, and then change root’s password.

D.

None of these

Full Access
Question # 24

What is the primary purpose of Dual Control?

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

Full Access
Question # 25

What is the purpose of the password change process?

A.

To test that CyberArk is storing accurate credentials for accounts

B.

To change the password of an account according to organizationally defined password rules

C.

To allow CyberArk to manage unknown or lost credentials

D.

To generate a new complex password

Full Access
Question # 26

You have been asked to identify the up or down status of Vault services.

Which CyberArk utility can you use to accomplish this task?

A.

Vault Replicator

B.

PAS Reporter

C.

Remote Control Agent

D.

Syslog

Full Access
Question # 27

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

A.

Store the CD in a physical safe and mount the CD every time Vault maintenance is performed

B.

Copy the entire contents of the CD to the system Safe on the Vault

C.

Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions

D.

Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions

Full Access
Question # 28

Which certificate type do you need to configure the vault for LDAP over SSL?

A.

the CA Certificate that signed the certificate used by the External Directory

B.

a CA signed Certificate for the Vault server

C.

a CA signed Certificate for the PVWA server

D.

a self-signed Certificate for the Vault

Full Access
Question # 29

What is mandatory for a PVWA installation?

A.

A DNS entry for PVWA url must be created.

B.

A company signed TLS certificate must be imported into the server

C.

A vault Administrator user must be used to register the PVWA

D.

Data Execution Prevention must be disabled.

Full Access
Question # 30

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

A.

True

B.

False

Full Access
Question # 31

A company requires challenge/response multi-factor authentication for PSMP sessions. Which server must you integrate with the CyberArk vault?

A.

LDAP

B.

PKI

C.

SAML

D.

RADIUS

Full Access