Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CyberArk PAM-DEF

CyberArk PAM-DEF Exam Practice Questions (P. 2)

  • Full Access (113 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #6
A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.
What is the correct location to identify users or groups who can approve?
  1. A
    PVWA > Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control > Approvers
  2. B
    PVWA > Policies > Access Control (Safes) > Select the safe > Safe Members > Workflow > Authorize Password Requests
  3. C
    PVWA > Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers
  4. D
    PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership)

Correct Answer:
B
chatbot-img GPT-4o - Answer
The correct way to find out who can approve a password request under the dual-control system in CyberArk is through the Password Vault Web Access (PVWA). Specifically, you should navigate to Policies, then Access Control (Safes), select the relevant safe, go to Safe Members, and look under Workflow at the function 'Authorize Password Requests.' This location is integral for Vault Admins or anyone involved in managing access control to see exactly who has the authority to approve dual control password requests. This setup ensures that password access is securely managed and adheres to organizational policies on access control.

Question #7
What must you specify when configuring a discovery scan for UNIX? (Choose two.)
  1. A
    Vault Administrator
  2. B
    CPM Scanner
  3. C
    root password for each machine
  4. D
    list of machines to scan
  5. E
    safe for discovered accounts

Correct Answer:
CD
chatbot-img GPT-4o - Answer
Regarding your question on configuring a discovery scan for UNIX, the two key components to be specified are the root password for each machine and a list of machines to target in the scan. It’s particularly important to enter the root passwords to gain the necessary access for a thorough scan, and defining the list of machines ensures that the scan is focused and effective, covering all relevant assets. This combination is fundamental to configure scans accurately and efficiently.

Question #8
To change the safe where recordings are kept for a specific platform, which setting must you update in the platform configuration?
  1. A
    SessionRecorderSafe
  2. B
    SessionSafe
  3. C
    RecordingsPath
  4. D
    RecordingLocation

Correct Answer:
C
chatbot-img GPT-4o - Answer
The correct setting to update in the platform configuration for changing the safe where recordings are kept is 'SessionRecorderSafe', not 'RecordingsPath'. This setting allows specifying the safe name where session recordings are stored. It's essential to reference this configuration when aiming to segregate or reorganize where these recordings are maintained. Always confirm settings and configuration by consulting the most recent CyberArk documentation or support channels.

Question #9
Which processes reduce the risk of credential theft? (Choose two.)
  1. A
    require dual control password access approval
  2. B
    require password change every X days
  3. C
    enforce check-in/check-out exclusive access
  4. D
    enforce one-time password access

Correct Answer:
AB
chatbot-img GPT-4o - Answer
Requiring a password change every X days (B) is a strategic approach to mitigate the risk of old credentials being used maliciously if they are compromised. Implementing dual control for password access approval (A) also plays a crucial role in reducing credential theft. This system ensures that no single individual can access sensitive information without approval from another authorized party, significantly lowering the chance of unauthorized access and use. While one-time passwords (D) do provide a layer of security, they primarily address a different type of security concern, more towards ensuring the integrity of ongoing sessions rather than preventing initial credential theft.

Question #10
You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How can this be configured to allow for password management using least privilege?
  1. A
    Configure each CPM to use the correct logon account.
  2. B
    Configure each CPM to use the correct reconcile account.
  3. C
    Configure the UNIX platform to use the correct logon account.
  4. D
    Configure the UNIX platform to use the correct reconcile account.

Correct Answer:
D
chatbot-img GPT-4o - Answer
Remember, when onboarding UNIX root accounts for rotation by the CPM, it's crucial to differentiate between "logon" and "reconcile" accounts within the platform setup. Although there's a focus on the logon account which is used initially by the CPM to access the system, the question clearly involves ensuring a fallback mechanism disrupting regular operation, which is provided by a reconcile account rather than the logon account. So, the correct configuration in this context would employ the reconcile account to manage password resets when the CPM can't login normally, ensuring continuity in privileged access management.

Previous Questions Next Questions

All Pages