CyberArk Defender Sample - PAM Exam Questions & Answers ( a head answers) Verified & Accurate Guaranteed Pass.

Which values are acceptable in the address field of an account? - any name that is resolvable by the Central Policy Manager (CPM) server is acceptable The Accounts feed contains: - accounts that were discovered by CyberArk that have not yet been onboarded Accounts discovery allows secure connections to domain controllers? (T/F) - True Which of these accounts onboarding methods is considered proactive? - A Rest API integration with account provisioning software When creating an onboarding rule it will be executed upon: - any future accounts discovered by a discovery process. What are the functions of the Remote Control Agent service? - 1. Allow remote monitoring of the Vault 2. Sends SNMP traps from the Vault 3. Allows CyberArk services to be managed (start/stop/status) remotely The Vault administrator can change the Vault license by uploading the new license to the system Safe: (T/F) - True CyberArk implements license limits by controlling the number and types of users that can be provisioned in the Vault (T/F) - True PSM for windows (Previously know as RDP Proxy) supports connections to the which of the following target systems. - 1. Windows 2. Unix 3. Oracle PSM for SSH (previously know as PSM-SSH Proxy) supports connections to which of the following target systems - 1. Unix Within the Vault each password is encrypted by: - It own unique key. Which utilities could a Vault administrator use to change debugging levels on the Vault without having to restart the Vault? - 1. PAR Agent 2. PrivateArk Server Central Administration How does a Vault administrator apply a new license file? - Upload the file to the system safe Which keys are required to be present in order to start the PrivateArk Server service? - 1. Recover public key 2. Server Key What is the purpose of the CyberArk Event Notification Engine service? - It send emails from the Vault What is the purpose of the PrivateArk Database service? - Maintains Vault Metadata What is the purpose of the PrivateArk Server service? - Makes Vault data accessible to components. Select the best practice for storing the Master CD - Store the CD in a secure location, such as a physical safe. Which of the following are secure options for storing the contents of the Operator CD, while still allowing contents to be accessible upon a planned Vault restart? Choose the three correct options - 1. Store CD in a physical safe & mount the CD every time Vault maintenance is performed. 2. Copy the entire content of the CD to a folder on the Vault Server and secure it with NTFS permissions. 3. Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions Which service should NOT be running on the DR Vault when the primary Production Vault is up? - PrivateArk Server Which of the following logs contain information about errors related to PTA? - When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary vault comes back online. - False, this is not possible. When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online: - False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the file. Which of the following components can be used to create a tape backup of the Vault? - Replicate A Vault administrator has associated a logon account to one of their Unix root accounts in the Vault. When attempting to change the root account's password the Central Policy Manager (CPM) will: - log in to the system as the logon account, run the SU command to log in as root, and then change root's password. For a safe with object level access control enabled the Vault administrator is able to turn off object level access control when it no longer need on the safe. (T/F) - False, this change cannot be undone. The Vault supports Subnet Based Access Control - True The Vault does not support Subnet Based Access Control. - False Assuming a Safe has been configured to be accessible during certain hours of the day, a Vault administrator may still access that safe outside of those hours. (T/F) - False A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as dual control - True What is the purpose of the password verify process? - to test that CyberArk is storing accurate credentials for accounts what is the purpose of the password change process? - to change the password of an account according to organizationally defined password rules. In order to grant a permission to a user, an administrator MUST possess that permission? (T/F) - True A logon account can be specified in the platform settings - True Which Master Policy setting must be active in order to have an account checked out by user for a pre-determined amount of time? - Enforce check-in/check-out exclusive access and enforce one-time password access. Which combination of Safe member permissions will allows end users to log in to a remote machine transparently but not show or copy the password? - Use Accounts, List Accounts CyberArk Recommends implementing object level access control on all Safes. - False Which credentials does CyberArk use when managing a target account? - The credentials of the target account What is the purpose of the password reconcile process? - To allows CyberArk to manage unknown or lost credentials What is the process to remove object level access control from a safe? - This cannot be done. Access control to passwords is implemented by: - Safe Authorization If a user is a member of more than one group that has authorizations on a Safe, by default that user is granted: - the cumulative permissions of all the groups to which that user belongs Users who have the 'Access Safe without confirmation' permission on a Safe where accounts are configured to Dual Control still need to request approval to use the account. - False Which is the purpose of a linked account? - to allow the use of addition passwords within a password management process A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will: - log in first with the logon account, then run the SU command to log in as root, using the password in the Vault. For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would the Vault administrator configure a group of users to access