Labour Day Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia
  1. Home
  2. CyberArk
  3. Defender - Sentry (Combined)
  4. CAU302
  5. CyberArk Defender + Sentry Questions and Answers

CAU302 Sample Questions Answers

Questions 4

The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a “Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry.

Options:

A.

The PSM Component Server is configured as defined in PAS Installation Guide.

B.

The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed and must be rebuilt.

C.

The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed. Hardening procedures must be applied manually to the existing configuration.

D.

The PSM Component Server has been installed correctly but PVWA Hardening procedures have not been followed. Hardening procedures can be applied via the Installation Automation script or manually to the existing configuration.

Buy Now
Questions 5

The vault server uses a modified version of the Microsoft Windows firewall

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 6

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault.

Options:

A.

True.

B.

False. Because the user can also enter credentials manually using Ad-Hoc Access.

C.

False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect.

D.

False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.

Buy Now
Questions 7

The Vault needs to send SNMP traps to your SNMP solution, which file is used to configure the IP address of

the SNMP server?

Options:

A.

snmp.ini

B.

dbparm.ini

C.

ENEConf.ini

D.

PARAgent.ini

Buy Now
Questions 8

What is the purpose of the PrivateArk Server service?

Options:

A.

Executes password changes.

B.

Makes vault data accessible to components.

C.

Maintains vault metadata.

D.

Sends email alert from the Vault

Buy Now
Questions 9

One can create exceptions to the Master Policy based on_________.

Options:

A.

Safes

B.

Platforms

C.

Policies

D.

Accounts

Buy Now
Questions 10

How does the Vault administrator apply a new license file?

Options:

A.

Upload the license.xml file to the system Safe and restart the PrivateArk Server service.

B.

Upload the license.xml file to the system Safe.

C.

Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service.

D.

Upload the license.xml file to the Vault Internal Safe.

Buy Now
Questions 11

Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Options:

A.

Accounts Discovery

B.

Auto Detection

C.

Onboarding RestAPI functions

D.

PTA Rules

Buy Now
Questions 12

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so

that the CPM could resume management automatically?

Options:

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Buy Now
Questions 13

What is the purpose of the Allowed Safes parameter in a CPM policy? Select all that apply.

Options:

A.

To improve performance by reducing CPU workload.

B.

To prevent accidental use of a policy in the wrong safe.

C.

To allow users to access only the passwords they should be able to access.

D.

To enforce Least Privilege in CyberArk.

Buy Now
Questions 14

The Vault Internal safe contains all of the configuration for the vault.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 15

Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 16

Which of the following are prerequisites for installing PVWA Check all that Apply

Options:

A.

Web Services Role

B.

NET 4.5.1 Framework Feature

C.

Remote Desktop Services Role

D.

Windows BitLocker

Buy Now
Questions 17

PSM requires the Remote Desktop Session Host role service.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 18

In the vault each password is encrypted with a unique encryption key.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 19

What is the proper way to allow the Vault to resolve host names?

Options:

A.

Define a DNS server

B.

Define a WINS server

C.

Defining the local hosts file

D.

The Vault cannot resolve host names due to security standards

Buy Now
Questions 20

What are the chief benefits of PSM? Choose all that apply

Options:

A.

Privileged Session Isolation

B.

Automatic Password Management

C.

Privileged Session Recording

D.

A & C

Buy Now
Questions 21

Which file is used to configure new firewall rules on the Vault?

Options:

A.

firewall.ini

B.

paragent.ini

C.

dbparm.ini

D.

padr.ini

Buy Now
Questions 22

The Vault needs to send SNMP traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution?

Options:

A.

PARAgent.ini

B.

dbparm.ini

C.

ENEConf.ini

D.

my.ini

Buy Now
Questions 23

Which of the following is considered a prerequiste for installing PSM?

Options:

A.

IIS Web Services Role

B.

HTML5 Gateway

C.

Provider

D.

Remote Desktop Services

Buy Now
Questions 24

Which file is used to configure new firewall rules on the Vault?

Options:

A.

firewall.ini

B.

PARagent.ini

C.

dbparm.ini

D.

padr.ini

Buy Now
Questions 25

The Accounts Feed contains:

Options:

A.

Accounts that were discovered by CyberArk in the last 30 days

B.

Accounts that were discovered by CyberArk that have not yet been onboarded

C.

All accounts added to the vault in the last 30 days

D.

All users added to CyberArk in the last 30 days

Buy Now
Questions 26

When planning to load balance at least 2 PSM Servers in an "in-domain" deployment, is it required to move the PSMConnect and PSMAdminConnect users to the domain level?

Options:

A.

Yes. but only the PSMConnect user must be moved to the domain.

B.

No. this is the customers decision and will work with local or domain based users.

C.

Yes, both PSMConnect and PSMAdminConnect users should be moved to the domain

D.

No. both accounts must be left as local accounts.

Buy Now
Questions 27

The vault supports a number of dual factor authentication methods.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

The Remote Desktop Services role must be property licensed by Microsoft.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 29

PSM captures a record of each command that was issues in SQL Plus.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 30

The PSM Gateway (also known as the HTML5 Gateway) can be installed

Options:

A.

True

B.

False, the PSM Gateway must be installed on a separate Windows machine

Buy Now
Questions 31

Accounts Discovery allows secure connections to domain controllers.

Options:

A.

True

B.

False

Buy Now
Questions 32

The Vault server requires WINS services to work properly.

Options:

A.

True

B.

False

Buy Now
Questions 33

Access Control to passwords is implemented by ________________.

Options:

A.

Virtual Authorizations

B.

Safe Authorizations

C.

Master Policy

D.

Platform Settings

Buy Now
Questions 34

When is the transparent user provisioned initially in the vault?

Options:

A.

When a directory mapping matching that user id is created.

B.

When a vault admin completes the LDAP configuration wizard

C.

The first time the user logs in.

D.

During the vault's nightly LDAP refresh.

Buy Now
Questions 35

Users complain they are unsuccessful attempting to authenticate to the PVWA web site. After entering their

credentials, they receive a “Timeout has expired”. You test the URL using multiple browsers and receive the

same error. The CyberArk.WebApplication.log shows the “ITACM012S Timeout has expired” log entry.

What is the next troubleshooting step you should take?

Options:

A.

Run an IISRESET on the PVWA server

B.

Check the CyberArk.WebConsole.log for errors

C.

Check network firewall rules to ensure the PVWA can communicate to the Vault over tcp_1858

D.

Check the health of the Vault Server and ensure all services are running

Buy Now
Exam Code: CAU302
Exam Name: CyberArk Defender + Sentry
Last Update: May 2, 2024
Questions: 237
$64  $159.99
$48  $119.99
$40  $99.99
buy now CAU302