CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CyberArk CAU302 Dumps

Page: 1 / 9
Total 237 questions
Get CAU302 Full Access Download CAU302 PDF

CyberArk Defender + Sentry Questions and Answers

Question 1

What conditions must be met in order to log into the vault as the Master user? Select all that apply

Options:

A.

Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini

B.

User must provide the correct master password

C.

Logon requires the Recovery Private Key to be accessible to the vault

D.

Logon must satisfy a challange response request

Question 2

What is the primary purpose of One Time Passwords?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Question 3

What is the name of the Platform parameter that determines the amount of time a person is allowed to use a One Time Password?

Options:

A.

MinValidityPeriod

B.

Interval

C.

ImmediateInterval

D.

Timeout

Question 4

The vault server uses a modified version of the Microsoft Windows firewall

Options:

A.

TRUE

B.

FALSE

Question 5

Which parameter controls how often the CPM looks for Exclusive Passwords that need to be changed?

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Question 6

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Options:

A.

PrivateArk Database

B.

PrivateArk Server

C.

CyberArk Vault Disaster Recovery (DR) service

D.

CyberArk Logical Container

Question 7

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Options:

A.

TRUE

B.

FALSE

Question 8

Which IP port and Protocol are used by the CyberArk Secure Proprietary Protocol?

Options:

A.

TCP/1858

B.

TCP/636

C.

UDP/1812

D.

TCP/22

Question 9

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Options:

A.

TRUE

B.

FALSE

Question 10

Where do you configure in PVWA the fully-qualified domain name (FQDN) of your target email server during SMTP integration?

Options:

A.

PVWA > Platform Management > Notification Settings

B.

PVWA > Options > Notification Settings

C.

PVWA > Administration > Notification Settings

D.

PVWA > LDAP Integartion > Notification Settings

Question 11

What is the purpose of the password Change process?

Options:

A.

To test that CyberArk is storing accurate credentials for accounts

B.

To change the password of an account according to organizationally defined password rules

C.

To allow CyberArk to manage unknown or lost credentials

D.

To generate a new complex password

Question 12

In an SMTP integration it is recommended to use the fully-qualified domain name (FQDN) when specifying the SMTP server addresses).

Options:

A.

TRUE

B.

FALSE

Question 13

To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers need to be configured to communicate with the Primary Vault and Satellite Vaults. What file needs to be changed on the PVWA to enable this setup?

Options:

A.

Vault.ini

B.

dbparm.ini

C.

pvwa.ini

D.

Satellite.ini

Question 14

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to UnixAdmins? Check all that apply

Options:

A.

Use Accounts

B.

Retrieve Accounts

C.

List Accounts

D.

Authorize Password Requests

E.

Access Safe without Authorization

Question 15

What is the purpose of the Interval setting in a CPM policy?

Options:

A.

To control how often the CPM looks for System Initiated CPM work

B.

To control how often the CPM looks for User Initiated CPM work.

C.

To control how long the CPM rests between password changes

D.

To control the maximum amount of time the CPM will wait for a password change to complete

Question 16

During the process of installing the Central Policy Manager (CPM), the Vault administrator will be asked to provide the credentials for an administrative user in the Vault. For which purpose are these credentials used?

Options:

A.

The credentials will be used later by the CPM to retrieve passwords from the Vault.

B.

The credentials are used by the installer to register the CPM in the CyberArk database.

C.

The credentials are used by the installer to authenticate to the Vault and create the Central Policy Manager (CPM) environment (Safes, users, etc.).

D.

The credentials will be used later by the CPM to update passwords in the Vault.

Question 17

The Vault can only integrate with a single Security Information and Event Management (SIEM) or SYSLOG server.

Options:

A.

True

B.

False

Question 18

Ad-Hoc Access (formerly Secure Connect) provides the following features. (Choose all that apply.)

Options:

A.

PSM connections to target devices that are not managed by CyberArk

B.

Session Recording

C.

Real-time live session monitoring

D.

PSM connections from a terminal without the need to login to the PVWA

Question 19

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

Options:

A.

TRUE

B.

FALSE

Question 20

Any user can monitor live sessions in real time when users initiate RDP connection via Secure Connect through PSM?

Options:

A.

TRUE

B.

FALSE

Question 21

Multiple PSM Servers can be load balanced.

Options:

A.

TRUE

B.

FALSE

Question 22

When the PSM Gateway (also known as the HTML5 ( End Point in order to launch connections via the PSM

Options:

A.

True

B.

False, when the PSM Gateway is implemented, the user only requires a browser in order launch a connection via the PSM

Question 23

The Vault does not support dual factor authentication.

Options:

A.

True

B.

False

Question 24

Which file is used to integrate the Vault with the RADIUS server?

Options:

A.

radius.ini

B.

PARagent.ini

C.

ENEConf.ini

D.

dbparm.ini

Question 25

Time of day of week restrictions on when password changes can occur are configured in ________________.

Options:

A.

The Master Policy

B.

The Platform settings

C.

The Safe settings

D.

The Account Details

Question 26

When accessing the Vault via PVWA, is it possible, is it possible to configure multiple Dual Authentication Methods?

Options:

A.

Yes, all authentication methods will be configured to use the Vault integrated authentication flow.

B.

No, dual authentication methods are not supported.

C.

Yes, authentication methods will be configured to use the combination of IIS and Vault integrated authentication flow.

D.

Yes, all authentication methods will be configured to use the IIS integrated authentication flow.

Question 27

Select the best practice for storing the Master CD.

Options:

A.

Copy the files to the Vault server and discard the CD.

B.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

C.

Store the CD in a secure location, such as a physical safe.

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder

(secured with NTFS permissions) on the vault.

Question 28

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.D18912E1457D5D1DDCBD40AB3BF70D5D

Options:

A.

TRUE

B.

FALSE

Question 29

The Vault server requires WINS services to work properly.

Options:

A.

True

B.

False

Question 30

Which one of the following reports is NOT generated by using the Password Vault Web Access (PVWA)?

Options:

A.

Accounts Inventory

B.

Application Inventory

C.

Active/Non-Active Users

D.

Compliance Status

Question 31

Multiple PVWA servers provide automatic load balancing.

Options:

A.

TRUE

B.

FALSE

Question 32

To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults. Which file needs to be changed on the PVWA to enable this setup?

Options:

A.

Vault.ini

B.

dbparm.ini

C.

pvwa.ini

D.

Satellite.ini

Question 33

Multiple PVWA servers are always all active

Options:

A.

TRUE

B.

FALSE

Question 34

Any user can monitor live sessions in real time when initiating RDP connection via Secure Connect through PSM.

Options:

A.

True

B.

False

Question 35

Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts'? Select all that apply.

Options:

A.

Discovery and Audit (DNA)

B.

Auto Detection (AD)

C.

Export Vault Data (EVD)

D.

On Demand Privileges Manager (OPM)

E.

Accounts Discovery

Page: 1 / 9
Total 237 questions
Get CAU302 Full Access Download CAU302 PDF