March Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

PAM-DEF Sample Questions Answers

Questions 4

You are configuring a Vault HA cluster.

Which file should you check to confirm the correct drives have been assigned for the location of the Quorum and Safes data disks?

Options:

A.

ClusterVault.ini

B.

my.ini

C.

vault.ini

D.

DBParm.ini

Buy Now
Questions 5

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Options:

A.

The heartbeat s no longer detected on the private network.

B.

The shared storage array is offline.

C.

An alert is generated in the Windows Event log.

D.

The Digital Vault Cluster does not detect a node failure.

Buy Now
Questions 6

CyberArk recommends implementing object level access control on all Safes.

Options:

A.

True

B.

False

Buy Now
Questions 7

What is the purpose of the CyberArk Event Notification Engine service?

Options:

A.

It sends email messages from the Central Policy Manager (CPM)

B.

It sends email messages from the Vault

C.

It processes audit report messages

D.

It makes Vault data available to components

Buy Now
Questions 8

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.

How do you accomplish this?

Options:

A.

Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

B.

Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording Most Voted

C.

Polices>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies

D.

Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies

Buy Now
Questions 9

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 10

In a rule using “Privileged Session Analysis and Response” in PTA, which session options are available to configure as responses to activities?

Options:

A.

Suspend, Terminate, None

B.

Suspend, Terminate, Lock Account

C.

Pause, Terminate, None

D.

Suspend, Terminate

Buy Now
Questions 11

You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events.

Where must you update the group to allow this?

Options:

A.

in the PTAAuthorizationGroups parameter, found in Administration > Options > PTA

B.

in the PTAAuthorizationGroups parameter, found in Administration > Options > General

C.

in the SecurityEventsAuthorizationGroups parameter, found in Administration > Security > Options

D.

in the SecurityEventsFeedAuthorizationGroups parameter, found in Administration > Options > General

Buy Now
Questions 12

What is the easiest way to duplicate an existing platform?

Options:

A.

From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.

B.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

C.

From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.

D.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.

Buy Now
Questions 13

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Options:

A.

Export Vault Data

B.

Export Vault Information

C.

PrivateArk Client

D.

Privileged Threat Analytics

Buy Now
Questions 14

Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

Options:

A.

They are added to the Pending Accounts list and can be reviewed and manually uploaded.

B.

They cannot be onboarded to the Password Vault.

C.

They must be uploaded using third party tools.

D.

They are not part of the Discovery Process.

Buy Now
Questions 15

When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

Options:

A.

List Accounts, View Safe Members

B.

Manage Safe Owners

C.

List Accounts, Access Safe without confirmation

D.

Manage Safe, View Audit

Buy Now
Questions 16

You are configuring CyberArk to use HTML5 gateways exclusively for PSM connections.

In the PVWA, where do you set DefaultConnectionMethod to HTML5?

Options:

A.

Options > Privileged Session Management UI

B.

Options > Privileged Session Management

C.

Options > Privileged Session Management Defaults

D.

Options > Privileged Session Management Interface

Buy Now
Questions 17

PSM captures a record of each command that was executed in Unix.

Options:

A.

TRIE

B.

FALSE

Buy Now
Questions 18

An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?

Options:

A.

PSMAdminConnect

B.

Shadowuser

C.

PSMConnect

D.

Credentials stored in the Vault for the target machine

Buy Now
Questions 19

Which file must be edited on the Vault to configure it to send data to PTA?

Options:

A.

dbparm.ini

B.

PARAgent.ini

C.

my.ini

D.

padr.ini

Buy Now
Questions 20

Which change could CyberArk make to the REST API that could cause existing scripts to fail?

Options:

A.

adding optional parameters in the request

B.

adding additional REST methods

C.

removing parameters

D.

returning additional values in the response

Buy Now
Questions 21

One can create exceptions to the Master Policy based on ____________________.

Options:

A.

Safes

B.

Platforms

C.

Policies

D.

Accounts

Buy Now
Questions 22

It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 23

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

Options:

A.

KeyPath

B.

KeyFile

C.

ObjectName

D.

Address

Buy Now
Questions 24

Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Options:

A.

Discovery and Audit (DMA)

B.

Auto Detection (AD)

C.

Export Vault Data (EVD)

D.

On Demand Privileges Manager (OPM)

E.

Accounts Discovery

Buy Now
Questions 25

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

Options:

A.

Store the CD in a physical safe and mount the CD every time Vault maintenance is performed

B.

Copy the entire contents of the CD to the system Safe on the Vault

C.

Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions

D.

Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions

Buy Now
Questions 26

Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

Options:

Buy Now
Questions 27

The vault supports Subnet Based Access Control.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

A recently-hired colleague onboarded five new Local Accounts that are used for five standalone Windows Servers. After attempting to connect to the servers from PVWA, the colleague noticed that the "Connect" button was greyed out for all five new accounts.

What can you do to help your colleague resolve this issue? (Choose two.)

Options:

A.

Verify that the address field is populated with an IP or FQDN of each server.

B.

Verify that the correct PSM connection component appears within account platform settings.

C.

Verify that the address field is blank and that the correct PSM connection component appears within account platform settings.

D.

Notify the Windows Team that created the new accounts that the CyberArk PAM solution is not designed to manage local accounts on Windows Servers.

E.

Verify that the "Disable automatic management for this account" setting for each account is not enabled.

Buy Now
Questions 29

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

Options:

A.

List Accounts, Use Accounts

B.

List Accounts, Use Accounts, Retrieve Accounts

C.

Use Accounts

D.

List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation

Buy Now
Questions 30

What is the purpose of the Interval setting in a CPM policy?

Options:

A.

To control how often the CPM looks for System Initiated CPM work.

B.

To control how often the CPM looks for User Initiated CPM work.

C.

To control how long the CPM rests between password changes.

D.

To control the maximum amount of time the CPM will wait for a password change to complete.

Buy Now
Questions 31

You notice an authentication failure entry for the DR user in the ITALog.

What is the correct process to fix this error? (Choose two.)

Options:

A.

PrivateArk Client > Tools > Administrative Tools > Users and Groups > DR User > Update > Authentication > Update Password.

B.

Create a new credential file, on the DR Vault, using the CreateCredFile utility and the newly set password.

С. Create a new credential file, on the Primary Vault, using the CreateCredFile utility and the newly set password.

C.

PVWA > User Provisioning > Users and Groups > DR User > Update Password.

D.

PrivateArk Client > Tools > Administrative Tools > Users and Groups > PAReplicate User > Update > Authentication > Update Password.

Buy Now
Questions 32

You are onboarding an account that is not supported out of the box.

What should you do first to obtain a platform to import?

Options:

A.

Create a service ticket in the customer portal explaining the requirements of the custom platform.

B.

Search common community portals like stackoverflow, reddit, github for an existing platform.

C.

From the platforms page, uncheck the “Hide non-supported platforms” checkbox and see if a platform meeting your needs appears.

D.

Visit the CyberArk marketplace and search for a platform that meets your needs.

Buy Now
Questions 33

How does the Vault administrator apply a new license file?

Options:

A.

Upload the license.xml file to the system Safe and restart the PrivateArk Server service

B.

Upload the license.xml file to the system Safe

C.

Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service

D.

Upload the license.xml file to the Vault Internal Safe

Buy Now
Questions 34

You are logging into CyberArk as the Master user to recover an orphaned safe.

Which items are required to log in as Master?

Options:

A.

Master CD, Master Password, console access to the Vault server, Private Ark Client

B.

Operator CD, Master Password, console access to the PVWA server, PVWA access

C.

Operator CD, Master Password, console access to the Vault server, Recover.exe

D.

Master CD, Master Password, console access to the PVWA server, Recover.exe

Buy Now
Questions 35

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

Options:

A.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.

Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.

Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

Buy Now
Questions 36

When an account is unable to change its own password, how can you ensure that password reset with the reconcile account is performed each time instead of a change?

Options:

A.

Set the parameter RCAllowManualReconciliation to Yes.

B.

Set the parameter ChangePasswordinResetMade to Yes.

C.

Set the parameter IgnoreReconcileOnMissingAccount to No.

D.

Set the UnlockUserOnReconcile to Yes.

Buy Now
Questions 37

Which values are acceptable in the address field of an Account?

Options:

A.

It must be a Fully Qualified Domain Name (FQDN)

B.

It must be an IP address

C.

It must be NetBIOS name

D.

Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

Buy Now
Questions 38

You have been asked to create an account group and assign three accounts which belong to a cluster. When you try to create a new group, you receive an unauthorized error; however, you are able to edit other aspects of the account properties.

Which safe permission do you need to manage account groups?

Options:

A.

create folders Most Voted

B.

specify next account content

C.

rename accounts

D.

manage safe

Buy Now
Questions 39

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Options:

A.

Require dual control password access Approval

B.

Enforce check-in/check-out exclusive access

C.

Enforce one-time password access

D.

Enforce check-in/check-out exclusive access & Enforce one-time password access

Buy Now
Questions 40

Accounts Discovery allows secure connections to domain controllers.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 41

What is the primary purpose of One Time Passwords?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

Buy Now
Questions 42

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 43

To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

Options:

A.

List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B.

List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C.

Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

D.

View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

Buy Now
Questions 44

In the Private Ark client under the Tools menu > Administrative Tools > Users and Groups, which option do you use to update users’ Vault group memberships?

Options:

A.

Update > General tab

B.

Update > Authorizations tab

C.

Update > Member Of tab

D.

Update > Group tab

Buy Now
Questions 45

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Options:

A.

True

B.

False

Buy Now
Questions 46

In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to “Fast Forward” within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.

What could be the cause?

Options:

A.

Recording is of a PSM for SSH session.

B.

The browser you are using is out of date and needs an update to be supported.

C.

You do not have the “View Audit” permission on the safe where the account is stored.

D.

You need to update the recorder settings in the platform to enable screen capture every 10000 ms or less.

Buy Now
Questions 47

As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 48

A new colleague created a directory mapping between the Active Directory groups and the Vault.

Where can the newly Configured directory mapping be tested?

Options:

A.

Connect to the Active Directory and ensure the organizational unit exists.

B.

Connect to Sailpoint (or similar tool) to ensure the organizational unit is correctly named; log in to the PVWA with "Administrator" and confirm authentication succeeds.

C.

Search for members that exist only in the mapping group to grant them safe permissions through the PVWA.

D.

Connect to the PrivateArk Client with the Administrator Account to see if there is a user in the Vault Admin Group.

Buy Now
Questions 49

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 50

What must you specify when configuring a discovery scan for UNIX? (Choose two.)

Options:

A.

Vault Administrator

B.

CPM Scanner

C.

root password for each machine

D.

list of machines to scan

E.

safe for discovered accounts

Buy Now
Questions 51

You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission.

Where do you update this permission for all auditors?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Vault Authorizations

B.

Private Ark Client > Tools > Administrative Tools > Users and Groups > Auditors > Authorizations tab

C.

PVWA User Provisioning > LDAP integration > Vault Auditors Mapping > Vault Authorizations

D.

PVWA> Administration > Configuration Options > LDAP integration > Vault Auditors Mapping > Vault Authorizations

Buy Now
Questions 52

A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.

What is the correct location to identify users or groups who can approve?

Options:

A.

PVWA> Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control> Approvers

B.

PVWA> Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests

C.

PVWA> Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers

D.

PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership)

Buy Now
Questions 53

Which certificate type do you need to configure the vault for LDAP over SSL?

Options:

A.

the CA Certificate that signed the certificate used by the External Directory

B.

a CA signed Certificate for the Vault server

C.

a CA signed Certificate for the PVWA server

D.

a self-signed Certificate for the Vault

Buy Now
Questions 54

You have been asked to identify the up or down status of Vault services.

Which CyberArk utility can you use to accomplish this task?

Options:

A.

Vault Replicator

B.

PAS Reporter

C.

Remote Control Agent

D.

Syslog

Buy Now
Questions 55

The vault supports Role Based Access Control.

Options:

A.

TRUE

B.

FALSE

Questions 56

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

Options:

A.

PSM-SSH Connection Component

B.

UnixPrompts.ini

C.

UnixProcess.ini

D.

PSM-RDP Connection Component

Buy Now
Questions 57

Platform settings are applied to _________.

Options:

A.

The entire vault.

B.

Network Areas

C.

Safes

D.

Individual Accounts

Buy Now
Questions 58

When managing SSH keys, the CPM stores the Public Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the public key can always be generated from the private key.

Buy Now
Questions 59

You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.

What do you need to recover and decrypt the object? (Choose three.)

Options:

A.

Recovery Private Key

B.

Recover.exe

C.

Vault data

D.

Recovery Public Key

E.

Server Key

F.

Master Password

Buy Now
Questions 60

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Options:

A.

Suspected credential theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged privileged access

Buy Now
Questions 61

To manage automated onboarding rules, a CyberArk user must be a member of which group?

Options:

A.

Vault Admins

B.

CPM User

C.

Auditors

D.

Administrators

Buy Now
Questions 62

Match each PTA alert category with the PTA sensors that collect the data for it.

Options:

Buy Now
Questions 63

Within the Vault each password is encrypted by:

Options:

A.

the server key

B.

the recovery public key

C.

the recovery private key

D.

its own unique key

Buy Now
Questions 64

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

Options:

A.

True

B.

False, the PTA can suspend sessions whether the session is made via the PSM or not

Buy Now
Questions 65

It is possible to control the hours of the day during which a user may log into the vault.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 66

Which statement is true about setting the reconcile account at the platform level?

Options:

A.

This is the only way to enable automatic reconciliation of account passwords.

B.

CPM performance will be improved when the reconcile account is set at the platform level.

C.

A rule can be used to specify the reconcile account dynamically or a specific reconcile account can be selected.

D.

This configuration prevents the association from becoming broken if the reconcile account is moved to a different safe.

Buy Now
Questions 67

You are creating a Dual Control workflow for a team’s safe.

Which safe permissions must you grant to the Approvers group?

Options:

A.

List accounts, Authorize account request

B.

Retrieve accounts, Access Safe without confirmation

C.

Retrieve accounts, Authorize account request

D.

List accounts, Unlock accounts

Buy Now
Questions 68

Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 69

In addition to add accounts and update account contents, which additional permission on the safe is required to add a single account?

Options:

A.

Upload Accounts Properties

B.

Rename Accounts

C.

Update Account Properties

D.

Manage Safe

Buy Now
Questions 70

Which command generates a full backup of the Vault?

Options:

A.

PAReplicate.exe Vault.ini /LogonFromFile user.ini /FullBackup

B.

PAPreBackup.exe C:\PrivateArk\Server\Conf\Vault.ini Backup/Asdf1234 /full

C.

PARestore.exe PADR ini /LogonFromFile vault.ini /FullBackup

D.

CAVaultManager.exe RecoverBackupFiles /BackupPoolName BkpSvr1

Buy Now
Questions 71

What is the purpose of the password change process?

Options:

A.

To test that CyberArk is storing accurate credentials for accounts

B.

To change the password of an account according to organizationally defined password rules

C.

To allow CyberArk to manage unknown or lost credentials

D.

To generate a new complex password

Buy Now
Questions 72

A logon account can be specified in the platform settings.

Options:

A.

True

B.

False

Buy Now
Exam Code: PAM-DEF
Exam Name: CyberArk Defender - PAM
Last Update: Mar 26, 2024
Questions: 239
$64  $159.99
$48  $119.99
$40  $99.99
buy now PAM-DEF