CyberArk Defender and Sentry Level Exam
Questions And Answers Verified 100% Correct
What status and privileges must the CPM have for all safes? - ANSWER Must be an
owner with:
- Monitor
- Retrieve
- Store
- Delete
Access control is done by? - ANSWER Safes
Vault Server/CyberArk allows integration of only SYSLog or SIEM? - ANSWER False
Once the Vault is hardened, how do you add a non-standard firewall rule? - ANSWER
Edit the DParm.ini file
The Master User has full __________ and __________ authorizations. Can these be
removed by the Administrator? - ANSWER Safe and Vault, No authorization cannot be
removed
The DR module allows an Integration with Enterprise Backup Software. - ANSWER
False
Who/What has access to a newly created safe? - ANSWER The associated CPM and
the creator of the safe.
By running deep packet inspection, what type of Kerberos attacks can the PTA detect in
real time? - ANSWER - Pass the Hash
- PAC Attack
- Golden Ticket
- DC Sync
Older sessions are analyzed in PTA and trigger security incidents. - ANSWER False,
only current PSM sessions are analyzed by the PTA
File used to configure the physical disks used to store Vault Data. - ANSWER
TSParm.ini
User configuration is available in the PVWA. - ANSWER False
,Designed to provide a native Unix/Linux user experience, connecting to any SSH Target
System - ANSWER PSM for SSH (PSM SSH Proxy)
Detecting Kerberos attacks are included in the Core PAS Solution - ANSWER False
Report that shows CPM status for each account. - ANSWER Privileged Accounts
Compliance Status Report
Kerberos attacks are included in the Core PAS solution. - ANSWER False
What are the three primary goals of the PSM? - ANSWER Isolate, Control, and Monitor
Basic PSM file that contains the information required to start the PSM. - ANSWER
Basic_psm.ini
Name two ways of viewing the ITALog - ANSWER - Log onto the Vault, navigate to
server folder under the PrivateArk Install location
- Access the system safe from the PrivateArk client
What does CyberArk use to manage access control? - ANSWER Safes
The account credentials used for connection with the PSM, must be stored in the Vault.
- ANSWER False, the user can also enter the credentials manually via SecureConnect
What would be a good use case for the Disaster Recovery module? - ANSWER Off
site, replication is required
__________ Report shows all the audit information in the Vault. - ANSWER Activity
Log Report
Which file would you modify to configure your vault server to forward activity logs to a
SIEM or SYSLog Server? - ANSWER DBParm.ini
How does the PTA sort PSM recordings? - ANSWER Based on risk score.
By default, the PSM records all activities that take place during privileged sessions and
provides audits for the following events:
1.
2.
3.
4. - ANSWER 1. SQL Commands
2. SSH Keystrokes
, 3. Windows Titles
4. Universal Keystrokes
Which PSM connection allows you to connect with accounts that are not stored in
CyberArk Vault or managed by the CPM? - ANSWER Ad-Hoc Connection/Secure
Connect
Name the two types of Operational reports. - ANSWER Privileged Accounts Inventory
and Application Inventory
Name the five reports that can be generated in the PVWA. - ANSWER 1. Privileged
Accounts Inventory
2. Application Inventory for AIM
3. Privileged Accounts Compliance Status
4. Entitlement Report
5. Activity Log
If you run a Privileged Accounts Inventory report but do not have the "view safe
members" permission, what happens? - ANSWER You will only be able to view
complete information about your own activities
In Discovery, what must occur before an account loses privileged status? - ANSWER It
is removed from all machines it was discovered on
PTA Upgrade Log Name - ANSWER Log_upgrade.log
What permissions are required for the Activity Log Report? - ANSWER Audit Users and
View Audit
Permissions required to run the Activity Log Report. - ANSWER User related activities:
Audit users
Safe/Account related activities: View audit
Explain object level access control? - ANSWER Access control is individualized based
on objects in safe rather than by safe
Using Accounts Discovery, what are the three stages accounts will go through? -
ANSWER Discovery - Pending - Onboarding
Which account does the PVWA use to impersonate the end user? - ANSWER Gateway
User
Questions And Answers Verified 100% Correct
What status and privileges must the CPM have for all safes? - ANSWER Must be an
owner with:
- Monitor
- Retrieve
- Store
- Delete
Access control is done by? - ANSWER Safes
Vault Server/CyberArk allows integration of only SYSLog or SIEM? - ANSWER False
Once the Vault is hardened, how do you add a non-standard firewall rule? - ANSWER
Edit the DParm.ini file
The Master User has full __________ and __________ authorizations. Can these be
removed by the Administrator? - ANSWER Safe and Vault, No authorization cannot be
removed
The DR module allows an Integration with Enterprise Backup Software. - ANSWER
False
Who/What has access to a newly created safe? - ANSWER The associated CPM and
the creator of the safe.
By running deep packet inspection, what type of Kerberos attacks can the PTA detect in
real time? - ANSWER - Pass the Hash
- PAC Attack
- Golden Ticket
- DC Sync
Older sessions are analyzed in PTA and trigger security incidents. - ANSWER False,
only current PSM sessions are analyzed by the PTA
File used to configure the physical disks used to store Vault Data. - ANSWER
TSParm.ini
User configuration is available in the PVWA. - ANSWER False
,Designed to provide a native Unix/Linux user experience, connecting to any SSH Target
System - ANSWER PSM for SSH (PSM SSH Proxy)
Detecting Kerberos attacks are included in the Core PAS Solution - ANSWER False
Report that shows CPM status for each account. - ANSWER Privileged Accounts
Compliance Status Report
Kerberos attacks are included in the Core PAS solution. - ANSWER False
What are the three primary goals of the PSM? - ANSWER Isolate, Control, and Monitor
Basic PSM file that contains the information required to start the PSM. - ANSWER
Basic_psm.ini
Name two ways of viewing the ITALog - ANSWER - Log onto the Vault, navigate to
server folder under the PrivateArk Install location
- Access the system safe from the PrivateArk client
What does CyberArk use to manage access control? - ANSWER Safes
The account credentials used for connection with the PSM, must be stored in the Vault.
- ANSWER False, the user can also enter the credentials manually via SecureConnect
What would be a good use case for the Disaster Recovery module? - ANSWER Off
site, replication is required
__________ Report shows all the audit information in the Vault. - ANSWER Activity
Log Report
Which file would you modify to configure your vault server to forward activity logs to a
SIEM or SYSLog Server? - ANSWER DBParm.ini
How does the PTA sort PSM recordings? - ANSWER Based on risk score.
By default, the PSM records all activities that take place during privileged sessions and
provides audits for the following events:
1.
2.
3.
4. - ANSWER 1. SQL Commands
2. SSH Keystrokes
, 3. Windows Titles
4. Universal Keystrokes
Which PSM connection allows you to connect with accounts that are not stored in
CyberArk Vault or managed by the CPM? - ANSWER Ad-Hoc Connection/Secure
Connect
Name the two types of Operational reports. - ANSWER Privileged Accounts Inventory
and Application Inventory
Name the five reports that can be generated in the PVWA. - ANSWER 1. Privileged
Accounts Inventory
2. Application Inventory for AIM
3. Privileged Accounts Compliance Status
4. Entitlement Report
5. Activity Log
If you run a Privileged Accounts Inventory report but do not have the "view safe
members" permission, what happens? - ANSWER You will only be able to view
complete information about your own activities
In Discovery, what must occur before an account loses privileged status? - ANSWER It
is removed from all machines it was discovered on
PTA Upgrade Log Name - ANSWER Log_upgrade.log
What permissions are required for the Activity Log Report? - ANSWER Audit Users and
View Audit
Permissions required to run the Activity Log Report. - ANSWER User related activities:
Audit users
Safe/Account related activities: View audit
Explain object level access control? - ANSWER Access control is individualized based
on objects in safe rather than by safe
Using Accounts Discovery, what are the three stages accounts will go through? -
ANSWER Discovery - Pending - Onboarding
Which account does the PVWA use to impersonate the end user? - ANSWER Gateway
User
