Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 60certs

CyberArk PAM-CDE-RECERT Dumps

CyberArk CDE Recertification Questions and Answers

Question 1

You are creating a new Rest API user that utilizes CyberArk Authentication.

What is a correct process to provision this user?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

B.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add

C.

PVWA > User Provisioning > LDAP Integration > Add Mapping

D.

PVWA > User Provisioning > Users and Groups > New > User

Question 2

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

Options:

A.

Select Update on the CyberArk group, and then click Add > LDAP Group

B.

Select Update on the LDAP Group, and then click Add > LDAP Group

C.

Select Member Of on the CyberArk group, and then click Add > LDAP Group

D.

Select Member Of on the LDAP group, and then click Add > LDAP Group

Question 3

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

Options:

A.

Platform

B.

Connection Component

C.

CPM

D.

Vault

Question 4

What is the purpose of the HeadStartlnterval setting m a platform?

Options:

A.

It determines how far in advance audit data is collected tor reports

B.

It instructs the CPM to initiate the password change process X number of days before expiration.

C.

It instructs the AIM Provider to ‘skip the cache' during the defined time period

D.

It alerts users of upcoming password changes x number of days before expiration.

Question 5

What is the purpose of the CyberArk Event Notification Engine service?

Options:

A.

It sends email messages from the Central Policy Manager (CPM)

B.

It sends email messages from the Vault

C.

It processes audit report messages

D.

It makes Vault data available to components

Question 6

Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Options:

A.

Discovery and Audit (DMA)

B.

Auto Detection (AD)

C.

Export Vault Data (EVD)

D.

On Demand Privileges Manager (OPM)

E.

Accounts Discovery

Question 7

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Options:

A.

True

B.

False

Question 8

Which user(s) can access all passwords in the Vault?

Options:

A.

Administrator

B.

Any member of Vault administrators

C.

Any member of auditors

D.

Master

Question 9

You need to enable the PSM for all platforms.

Where do you perform this task?

Options:

A.

Platform Management > (Platform) > UI & Workflows

B.

Master Policy > Session Management

C.

Master Policy > Privileged Access Workflows

D.

Administration > Options > Connection Components

Question 10

Which of the following components can be used to create a tape backup of the Vault?

Options:

A.

Disaster Recovery

B.

Distributed Vaults

C.

Replicate

D.

High Availability

Question 11

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

Options:

A.

True

B.

False, the PTA can suspend sessions whether the session is made via the PSM or not

Question 12

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Options:

A.

Suspected credential theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged privileged access

Question 13

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

Options:

A.

True

B.

False

Question 14

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

Options:

A.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.

Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.

Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

Question 15

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Options:

A.

PrivateArk Database

B.

PrivateArk Server

C.

CyberArk Vault Disaster Recovery (DR) service

D.

CyberArk Logical Container

Question 16

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

Options:

A.

PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM-SSH Proxy)

D.

All of the above

Question 17

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

Options:

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Question 18

According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

Options:

A.

PVWAUsers

B.

Vault Admins

C.

Auditors

D.

PVWAMonitor

Question 19

What is the maximum number of levels of authorization you can set up in Dual Control?

Options:

A.

1

B.

2

C.

3

D.

4

Question 20

When managing SSH keys, the CPM stores the Public Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the public key can always be generated from the private key.

Question 21

The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys.

How are these keys managed?

Options:

A.

CyberArk stores Private keys in the Vault and updates Public keys on target systems.

B.

CyberArk stores Public keys in the Vault and updates Private keys on target systems.

C.

CyberArk does not store Public or Private keys and instead uses a reconcile account to create keys on demand.

D.

CyberArk stores both Private and Public keys and can update target systems with either key.

Question 22

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALS

Question 23

Which authentication methods does PSM for SSH support?

Options:

A.

CyberArk Password, LDAP, RADIUS, SAML

B.

LDAP, Windows Authentication, SSH Keys

C.

RADIUS, Oracle SSO, CyberArk Password

D.

CyberArk Password, LDAP, RADIUS

Question 24

A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.

Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

Options:

A.

PVWA > User Provisioning > LDAP Integration > Mapping Criteria

B.

PVWA > User Provisioning > LDAP Integration > Map Name

C.

PVWA > Administration > LDAP Integration > Mappings

D.

PVWA > Administration > LDAP Integration > AD Groups

Question 25

A customer installed multiple PVWAs in the production environment behind a load balancer VIP. They subsequently observed that all incoming traffic from the load balancer VIP goes to only one PVWA, even though all the PVWAs are up and running. What could be the likely cause of this situation?

Options:

A.

The load balancing algorithm is the least connections algorithm.

B.

The Certificate of the load balancer is not a wild card cert

C.

The load balancing pool only has one PVWA server

D.

SSL passthrough is not configured on the load balancer.

Question 26

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:

A.

Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.

C.

In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.

Question 27

For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.

Options:

A.

TRUE

B.

FALSE

Question 28

Which usage can be added as a service account platform?

Options:

A.

Kerberos Tokens

B.

IIS Application Pools

C.

PowerShell Libraries

D.

Loosely Connected Devices

Question 29

PSM captures a record of each command that was executed in Unix.

Options:

A.

TRIE

B.

FALSE

Question 30

The vault supports Role Based Access Control.

Options:

A.

TRUE

B.

FALSE

Question 31

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Options:

A.

True; this is the default behavior

B.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file

D.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file