CyberArk Defender Practice Exam 2022 Questions and Answers

Document Content and Description Below

Target account platforms can be restricted to accounts that are stored in specific Safes using the Allowed Safes property. - ANSWER True Which one of the following reports is NOT generated by using... the PVWA? - ANSWER Safes List It is impossible to override Master Policy settings for a Platform. - ANSWER False You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to verify the root account's password the CPM will... - ANSWER Log in first with the logon account, then run the su command to log in as root using the password in the vault. In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault? - ANSWER FALSE. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect. VAULT authorizations may be granted to... - ANSWER Vault Users, LDAP Users For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval. - ANSWER On the safe in which the account is stored grant the group the 'Access safe without confirmation' authorization. It is impossible to override Master Policy settings for a Platform - ANSWER FALSE What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy? - ANSWER MinValidityPeriod When managing SSH keys, CPM automatically pushes the Private Key to all systems that use it. - ANSWER FALSE PSM captures a record of each command that was issued in SQL Plus. - ANSWER TRUE Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords. - ANSWER TRUE Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account. - ANSWER FALSE Which of the following files must be created or configured in order to run Password Upload Utility? - ANSWER Vault.ini conf.ini A comma delimited upload file When on-boarding accounts using Accounts Feed, which of the following is true? - ANSWER You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault. SAFE Authorizations may be granted to _________________. - ANSWER Vault Users and Groups LDAP Users and Groups Platform settings are applied to... - ANSWER Individual Accounts One can create exceptions to the Master Policy based on ____________. - ANSWER Platforms What is the purpose of the Immediate Interval setting in a CPM policy? - ANSWER To control how often the CPM looks for User Initiated CPM work. What conditions must be met in order to log into the vault as the Master user? - ANSWER 1. Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini 2. Must provide correct master password 3. Must provide the Recovery Private Key It is possible to leverage DNA to provide discovery functions that are not available with auto-detection. - ANSWER TRUE It is possible to control the hours of the day during which a safe may be used. - ANSWER TRUE In Accounts Discovery, you can configure a Windows discovery to scan _________. - ANSWER Only one OU. Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI). - ANSWER TRUE Which user is automatically given all Safe authorizations on all Safes? - ANSWER Master It is possible to restrict the time of day, or day of week that a verify process can occur. - ANSWER True It is possible to control the hours of the day during which a user may log into the vault. - ANSWER True What is the purpose of the Allowed Safes parameter in a CPM policy? - ANSWER To improve performance by reducing CPM workload. To prevent accidental use of a policy in the wrong safe. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. What permissions are granted to the OperationsStaff? - ANSWER Use List Retrieve Auto-Detection can be configured to leverage LDAP/S. - ANSWER TRUE As long as you are a member of the Vault Admins group you can grant any permission on any safe. - ANSWER FALSE Which of the Following can be configured in the Master Policy? - ANSWER Dual Control Exclusive Passwords One Time Passwords Password Aging Rules If a user is a member of more than one group that has authorizations on a safe, by default that user is granted __________________. - ANSWER the cumulative permissions of all the groups to which that user belongs. One time passwords reduce the risk of Pass the Hash vulnerabilities in Windows. - ANSWER TRUE All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to UnixAdmins? - ANSWER Use List Retrieve Access Safe without Authorization It is possible to restrict the time of day, or day of week that a change process can occur. - ANSWER TRUE It is possible to restrict the time of day, or day of week that a reconcile process can occur. - ANSWER TRUE A Logon Account can be specified in the Master Policy. - ANSWER FALSE The System safe allows access to the Vault configuration files. - ANSWER TRUE Which utilities could you use to change debugging levels on the vault without having to restart the vault. - ANSWER PAR Agent PrivateArk Server Central Administration The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability). - ANSWER TRUE Reports can be scheduled to run on a periodic basis. - ANSWER TRUE What is the maximum number of levels of authorizations you can set up in Dual Control? - ANSWER 2 When managing SSH keys, CPM automatically pushes the Public Key to the target system. - ANSWER TRUE The Password upload utility can be used to create safes. - ANSWER TRUE Which report could show all audit data in the vault? - ANSWER Activity Log In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault? - ANSWER FALSE. Because the user can also enter credentials manually using Secure Connect. Which Built-In group grants access to the ADMINISTRATION page? - ANSWER Vault Admins If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically? - ANSWER Associate a reconcile account and configure the platform to reconcile automatically. It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe. - ANSWER TRUE The vault does not support Role Based Access Control. - ANSWER FALSE Which of the following statements are NOT true when enabling PSM recording for a target Windows server? - ANSWER The PSM software must be installed on the target server. PSMConnect must be added as a local user on the target server. A Reconcile Account can be specified in the platform settings. - ANSWER TRUE [Show More]

Last updated: 1 year ago

Preview 1 out of 5 pages