CyberArk Defender Questions + Answers

Business, Finance, Economics, Accounting, Operations Management, Computer Science, Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Algebra, Precalculus, Statistics and Probabilty, Advanced Math, Physics, Chemistry, Biology, Nursing, Psychology, Certifications, Tests, Prep, and more.
Post Reply
answerhappygod
Site Admin
Posts: 899603
Joined: Mon Aug 02, 2021 8:13 am

CyberArk Defender Questions + Answers

Post by answerhappygod »

Question 1
Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed?
A. HeadStartInterval
B. Interval
C. ImmediateInterval
D. The CPM does not change the password under this circumstance


Answer : C

Question 2
Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.
A. TRUE
B. FALSE


Answer : B

Reference:
https://docs.cyberark.com/Product-Doc/O ... 0Messages-%
20General.htm
Question 3
Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?
A. PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)
B. PSM for Windows (previously known as RDP Proxy)
C. PSM for SSH (previously known as PSM SSH Proxy)
D. All of the above


Answer : A

Question 4
What is the primary purpose of Dual Control?
A. Reduced risk of credential theft
B. More frequent password changes
C. Non-repudiation (individual accountability)
D. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.


Answer : D

Reference:
https://docs.cyberark.com/Product-Doc/O ... ontrol.htm
Question 5
Time of day or day of week restrictions on when password verifications can occur configured in ____________________.
A. The Master Policy
B. The Platform settings
C. The Safe settings
D. The Account Details


Answer : B

Reference:
https://docs.cyberark.com/Product-Doc/O ... swords.htm
Question 6
Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests?
A. HeadStartInterval
B. Interval
C. ImmediateInterval
D. The CPM does not change the password under this circumstance


Answer : B

Question 7
According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?
A. PVWAUsers
B. Vault Admins
C. Auditors
D. PVWAMonitor


Answer : D

Reference:
https://docs.cyberark.com/Product-Doc/O ... InPVWA.htm
Question 8
Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?
A. Require dual control password access Approval
B. Enforce check-in/check-out exclusive access
C. Enforce one-time password access
D. Enforce check-in/check-out exclusive access & Enforce one-time password access


Answer : B

Reference:
https://docs.cyberark.com/Product-Doc/O ... -rules.htm
Question 9
The password upload utility must run from the CPM server
A. TRUE
B. FALSE


Answer : B

Reference:
https://docs.cyberark.com/Product-Doc/O ... tility.htm
Question 10
For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.
A. TRUE
B. FALSE


Answer : B

Reference:
https://docs.cyberark.com/Product-Doc/O ... ontrol.htm
Question 11
When creating an onboarding rule, it will be executed upon ___________________.
A. All accounts in the pending accounts list
B. Any future accounts discovered by a discovery process
C. Both ג€All accounts in the pending accounts listג€ and ג€Any future accounts discovered by a discovery processג€


Answer : B

Question 12
How does the Vault administrator apply a new license file?
A. Upload the license.xml file to the system Safe and restart the PrivateArk Server service
B. Upload the license.xml file to the system Safe
C. Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service
D. Upload the license.xml file to the Vault Internal Safe


Answer : B

Question 13
When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).
A. True
B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows


Answer : B

Question 14
Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?
A. Suspected credential theft
B. Over-Pass-The-Hash
C. Golden Ticket
D. Unmanaged privileged access


Answer : C

Question 15
Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the clientג€™s machine makes an
RDP connection to the PSM server, which user will be utilized?
A. Credentials stored in the Vault for the target machine
B. Shadowuser
C. PSMConnect
D. PSMAdminConnect


Answer : C


Question 11 ( Topic 1 )
Which report provides a list of accounts stored in the vault?
A. Privileged Accounts Inventory
B. Privileged Accounts Compliance Status
C. Entitlement Report
D. Activity Log


Answer : A

Reference:
https://techinsight.com.vn/language/en/ ... on-part-2/
Question 12 ( Topic 1 )
When on-boarding account using Accounts Feed, which of the following is true?
A. You must specify an existing Safe where the account will be stored when it is on-boarded to the Vault.
B. You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault.
C. You can specify the name of a new Platform that will be created and associated with the account.
D. Any account that is on-boarded can be automatically reconciled regardless of the platform it is associated with.


Answer : C

Reference:
https://www.cyberark.com/resource/autom ... nboarding/
Question 13 ( Topic 1 )
Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property.
A. TRUE
B. FALSE


Answer : B

Question 14 ( Topic 1 )
Which one of the following reports is NOT generated by using the PVWA?
A. Account Inventory
B. Application Inventory
C. Safes List
D. Compliance Status


Answer : C

Reference:
https://techinsight.com.vn/language/en/ ... on-part-2/
Question 15 ( Topic 1 )
PSM captures a record of each command that was executed in Unix.
A. TRUE
B. FALSE


Answer : A


Question 16 ( Topic 1 )
Platform settings are applied to______________.
A. The entire vault.
B. Network Areas
C. Safes
D. Individual Accounts


Answer : C

Reference:

Question 17 ( Topic 1 )
Customers who have the ג€˜Access Safe without confirmationג€™ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.
A. TRUE
B. FALSE


Answer : B

Question 18 ( Topic 1 )
What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?
A. MinValidityPeriod
B. Interval
C. ImmediateInterval
D. Timeout


Answer : D

Question 19 ( Topic 1 )
It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.
A. TRUE
B. FALSE


Answer : A

Question 20 ( Topic 1 )
Which of the following files must be created or configured in order to run Password Upload Utility? (Choose all that apply.)
A. PACli.ini
B. Vault.ini
C. conf.ini
D. A comma delimited upload file


Answer : C

Reference:



Question 21 ( Topic 1 )
Users can be restricted through certain CyberArk interfaces (e.g. PVWA or PACLI).
A. TRUE
B. FALSE


Answer : A

Question 22 ( Topic 1 )
What is the purpose of the HeadStartInterval setting in a platform?
A. It determines how far in advance audit data is collected for reports.
B. It instructs the CPM to initiate the password change process X number of days before expiration.
C. It instructs the AIM Provider to ג€˜skip the cacheג€™ during the defined time period.
D. It alerts users of upcoming password changes x number of days before expiration.


Answer : B

Reference:

Question 23 ( Topic 1 )
It is possible to restrict the time of day, or day of week that a reconcile process can occur.
A. TRUE
B. FALSE


Answer : B

Question 24 ( Topic 1 )
Which of the following options is not set in the Master Policy?
A. Password Expiration Time
B. Enabling and Disabling of the Connection Through the PSM
C. Password Complexity
D. The use of ג€One-Time-Passwordsג€


Answer : C

Question 25 ( Topic 1 )
The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability).
A. TRUE
B. FALSE


Answer : A


Question 26 ( Topic 1 )
The System safe allows access to the Vault configuration files.
A. TRUE
B. FALSE


Answer : B

Question 27 ( Topic 1 )
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to change the root accountג€™s password the CPM willג€¦
A. Log in to the system as root, then change rootג€™s password.
B. Log in to the system as the logon account, then change rootג€™s password
C. Log in to the system as the logon account, run the su command to log in as root, and then change rootג€™s password.
D. None of these.


Answer : A

Question 28 ( Topic 1 )
It is possible to restrict the time of day, or day of week that a verify process can occur.
A. TRUE
B. FALSE


Answer : B

Question 29 ( Topic 1 )
Which of the Following can be configured in the Master Policy? (Choose all that apply.)
A. Dual Control
B. One Time Passwords
C. Exclusive Passwords
D. Password Reconciliation
E. Ticketing Integration
F. Required Properties
G. Custom Connection Components
H. Password Aging Rules


Answer : ABDH

Question 30 ( Topic 1 )
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?
A. Configure the Provider to change the password to match the Vaultג€™s Password
B. Associate a reconcile account and configure the platform to reconcile automatically.
C. Associate a logon account and configure the platform to reconcile automatically.
D. Run the correct auto detection process to rediscover the password.


Answer : B


Question 31 ( Topic 1 )
What is the maximum number of levels of authorizations you can set up in Dual Control?
A. 1
B. 2
C. 3
D. 4


Answer : B

Question 32 ( Topic 1 )
As long as you are a member of the Vault Admins group you can grant any permission on any safe.
A. TRUE
B. FALSE


Answer : B

Question 33 ( Topic 1 )
In accordance with best practice, SSH access is denied for root accounts on UNIXLINUX system.
What is the BEST way to allow CPM to manage root accounts?
A. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account of the target serverג€™s root account.
B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target serverג€™s root account.
C. Configure the Unix system to allow SSH logins.
D. Configure the CPM to allow SSH logins.


Answer : B

Question 34 ( Topic 1 )
Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (Choose all that apply.)
A. The PSM software must be installed on the target server.
B. PSM must be enabled in the Master Policy (either directly, or through exception).
C. PSMConnect must be added as a local user on the target server.
D. RDP must be enabled on the target server.


Answer : C

Question 35 ( Topic 1 )
The Password upload utility can be used to create safes.
A. TRUE
B. FALSE


Answer : A

Reference:
https://docs.cyberark.com/Product-Doc/O ... tility.htm


Question 36 ( Topic 1 )
Which CyberArk components products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? (Choose all that apply.)
A. Discovery and Audit (DNA)
B. Auto Detection (AD)
C. Export Vault Data (EVD)
D. On Demand Privileges manager (OPM)
E. Accounts Discovery


Answer : AE

Question 37 ( Topic 1 )
A Reconcile Account can be specified in the Master Policy.
A. TRUE
B. FALSE


Answer : B

Question 38 ( Topic 1 )
In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?
A. True.
B. False. Because the user can also enter credentials manually using Secure Connect.
C. False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect.
D. False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.


Answer : B

Question 39 ( Topic 1 )
SAFE Authorizations may be granted to _________________. (Choose all that apply.)
A. Vault Users
B. Vault Groups
C. LDAP Users
D. LDAP Groups


Answer : A

Question 40 ( Topic 1 )
Secure Connect provides the following features. (Choose all that apply.)
A. PSM connections to target devices that are not managed by CyberArk.
B. Session Recording.
C. real-time live session monitoring.
D. PSM connections from a terminal without the need to login to the PVWA.


Answer : ABC

Reference:
https://docs.cyberark.com/Product-Doc/O ... onnect.htm
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!
Top
Post Reply

Return to “Archived Questions & Answers”