CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CyberArk PAM-SEN Dumps

Page: 1 / 10
Total 136 questions
Get PAM-SEN Full Access Download PAM-SEN PDF

CyberArk Sentry PAM Questions and Answers

Question 1

A vault admin received an email notification that a password verification process has failed Which service sent the message?

Options:

A.

The PrivateArk Server Service on the Vault.

B.

The CyberArk Password Manager service on the Components Server.

C.

The CyberArk Event Notification Engine Service on the Vault

D.

The CyberArk Privileged Session Manager service on the Vault.

Question 2

Which tools are used during a CPM renaming process? (Choose two.)

Options:

A.

APIKeyManager Utility Most Voted

B.

CreateCredFile Utility Most Voted

C.

CPMInDomain_Hardening.ps1

D.

PMTerminal.exe

E.

Data Execution Prevention

Question 3

After installing the first PSM server and before installing additional PSM servers, you must ensure the user performing the installation is not a direct owner of which safe?

Options:

A.

PSMUnmanagedSessionAccounts Safe

B.

PSMRecordingsSessionAccounts Safe

C.

PSMUnmanagedApplicationAccounts Safe

D.

PSMSessionBackupAccounts Safe

Question 4

What is the PRIMARY reason for installing more than 1 active CPM?

Options:

A.

Installing CPMs in multiple sites prevents complex firewall rules to manage devices at remote sites.

B.

Multiple instances create fault tolerance.

C.

Multiple instances increase response time.

D.

Having additional CPMs increases the maximum number of devices CyberArk can manage

Question 5

What authentication methods can be implemented to enforce Two-Factor Authentication (2FA) for users authenticating to CyberArk using both the PVWA (through the browser) and the PrivateArk Client?

Options:

A.

LDAP and RADIUS Most Voted

B.

CyberArk and RADIUS

C.

SAML and Cyber Ark

D.

SAML and RADIUS

Question 6

Which service must be set to Automatic (delayed start) after the Vault is installed and configured?

Options:

A.

Windows Time service

B.

PrivateArk Database

C.

Windows Update service

D.

PrivateArk Server

Question 7

Which statement is correct about CPM behavior in a distributed Vault environment?

Options:

A.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until another Vault is promoted as the new primary Vault.

B.

CPMs should access only the satellite Vaults.

C.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until the original primary Vault is operational again.

D.

CPM should access all Vaults - primary and the satellite.

Question 8

If a transparent user matches two different directory mappings, how does the system determine which user template to use?

Options:

A.

The system will use the template for the mapping listed first.

B.

The system will use the template for the mapping listed last.

C.

The system will grant all of the vault authorizations from the two templates.

D.

The system will grant only the vault authorizations that are listed in both templates

Question 9

In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA_Hardening.ps1 perform when run? (Choose two.)

Options:

A.

performs IIS hardening

B.

configures all group policy settings

C.

renames the local Administrator Account

D.

configures Windows Firewall

E.

imports the CyberArk INF configuration

Question 10

A customer's environment has three data centers consisting of 5,000 servers in Germany, 10,000 servers in Canada, and 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPMs should you deploy?

Options:

A.

1

B.

3 total, 1 per data center

C.

15

D.

6 total, 2 per data center

Question 11

-

The installCyberArkSSHD parameter on the PSM for SSH can be set to multiple values.

Match each value to the correct condition.

Options:

Question 12

Arrange the steps to install the Password Vault Web Access (PVWA) in the correct sequence.

Options:

Question 13

What is the purpose of the PSM health check hardening?

Options:

A.

Remove IIS settings which can be considered security vulnerabilities.

B.

Validate that the PSM is ready to be placed behind a load balancer.

C.

Confirm that the Windows Services for PSM are running on the server.

D.

Ensure that the AppLocker script does not have any syntax errors.

Question 14

A stand alone Vault server requires DNS services to operate properly.

Options:

A.

TRUE

B.

FALSE

Question 15

You are designing the number of PVWAs a customer must deploy. The customer has three data centers with a distributed Vault in each, requires high availability, and wants to use all Vaults at all times.

How many PVWAs does the customer need?

Options:

A.

six or more

B.

four

C.

two or less

D.

three

Question 16

Which method can be used to directly authenticate users to PSM for SSH? (Choose three.)

Options:

A.

CyberArk authentication Most Voted

B.

LDAP authentication Most Voted

C.

RADIUS authentication Most Voted

D.

Windows authentication

E.

SAML authentication

F.

OpenID Connect (OIDC) authentication

Question 17

You are beginning the post-install process after a manual PSM installation is completed.

What must you do?

Options:

A.

Disable screen saver for the PSM local users.

B.

Create a new group called PSMShadowUsers.

C.

Reset the PSMAdminConnect user password.

D.

Enable load balancing on the PSM server.

Question 18

A customer has three data centers distributed globally and wants highly-available PSM connections in each segmented zone. In addition, the customer needs a highly-available PSM connection for the CyberArk Admins.

What will best satisfy this customer's needs?

Options:

A.

one PSM per zone with a load balancer and two PSMs for Admins with a load balancer

B.

six PSMs in the mam data center with a load balancer and one PSM for Admins

C.

two PSMs per zone with a load balancer and two PSMs for Admins with a dedicated load balancer

D.

three PSMs per zone with CyberArk built-in load balancing

Question 19

The account used to install a PVWA must have ownership of which safes? (Choose two.)

Options:

A.

VaultInternal

B.

PVWAConfig

C.

System

D.

Notification Engine

E.

PVWAReports

Question 20

Which parameter must be identical for both the Identity Provider (IdP) and the PVWA?

Options:

A.

IdP “EntityID” and “PartnerIdentityProvider Name” in PVWA saml.config file

B.

IdP “User name” and “SingleSignOnServiceUrl” in PVWA saml.config file

C.

IdP “Audience” and “ServiceProviderName” in the PVWA saml.config file

D.

IdP “Secure hash algorithm” and “Certificate” in the PVWA saml.config file

Question 21

Which components support load balancing? (Choose two.)

Options:

A.

CPM

B.

PVWA

C.

PSM

D.

PTA

E.

EPV

Question 22

What is the purpose of the CPM_Preinstallation.ps1 script included with the CPM installation package?

Options:

A.

It prompts for input parameters that will be used to pre-populate form fields in the installation wizard.

B.

It automatically installs the CPM, requiring no additional user input.

C.

It allows you to install the CPM using a command line approach rather than using the installation wizard.

D.

It verifies the NET version installed on the server and sets the IIS SSL TLS server configuration.

Question 23

After installing the Vault, you need to allow Firewall Access for Windows Time service to sync with NTP servers 10.1.1.1 and 10.2.2.2.

What should you do?

Options:

A.

Edit DBParm.ini to add: AllowNonStandardFWAddresses=[10.1.1.1,10.2.2.2],Yes,123:outbound/udp. Most Voted

B.

Edit DBParm.ini to add: NTPServer=[10.1.1.1:123/UDP,10.2.2.2:123/UDP].

C.

Edit DBParm.ini to add: AllowNonStandardFWAddresses=[10.1.1.1,10.2.2.2],Yes,123:outbound/udp,123:inbound/udp.

D.

Edit the Windows Firewall configuration to add a rule for Port 123/udp outbound to 10.1.1.1 and 10.2.2.2.

Question 24

You are installing a CPM.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords and Manage Server File Categories, which Vault authorization(s) does a CyberArk user need to install the CPM?

Options:

A.

Manage Directory Mapping

B.

Activate Users

C.

Backup All Safes, Restore All Safes

D.

Audit Users, Add Network Areas

Question 25

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Options:

A.

TRUE

B.

FALSE

Question 26

What is a step to enable NTP synchronization on a stand-alone Vault?

Options:

A.

Run Powershell and add the NTP module.

B.

Restart the organization's NTP servers.

C.

Edit dbparm.ini and add a Firewall rule for the NTP address.

D.

Restart the Vault Event Notification Engine service.

Question 27

In which file must the attribute ‘SignAuthnRequest=”true”’ be added to the PartnerIdentityProvider element to support signed SAML requests?

Options:

A.

saml.config

B.

samlconfig.ini

C.

PVWAConfig.xml

D.

PVConfiguration.xml

Question 28

What is determined by the "MaxConcurrentConnections" setting within a platform?

Options:

A.

maximum number of concurrent connections that can be opened between the CPM and the remote machines for the platform

B.

maximum number of concurrent connections that can be between the PSM and the remote machines for the platform

C.

maximum number of concurrent connections allowed for a specific account on the platform through the PSM

D.

maximum number of concurrent connections to the Vault allowed for sending audit activities relating to the platform

Question 29

Which statements are correct about the PSM HTML5 gateway? (Choose two.)

Options:

A.

Smart card redirection is supported

B.

It does not support connections to target system where NLA is enabled on the PSM server

C.

SSH sessions cannot be established

D.

Printer redirection cannot be enabled

E.

It does not support session recording capabilities for applications that run outside a web browser

Question 30

You want to change the name of the PVWAappuser of the second PVWA server.

Which steps are part of the process? (Choose two.)

Options:

A.

Update PVWA.ini with new user name

B.

Update Vault.ini with new user name

C.

Create new user in PrivateArk

D.

Rename user in PrivateArk

E.

Create new cred file for user

Question 31

You are installing multiple PVWAs behind a load balancer.

Which statement is correct?

Options:

A.

Port 1858 must be opened between the load balancer and the PVWAs.

B.

The load balancer must be configured in DNS round robin.

C.

The load balancer must support "sticky sessions".

D.

The LoadBalancerClientAddressHeader parameter in the PVWA.ini file must be set.

Question 32

Which of the following are prerequisites for installing PVWA Check all that Apply.

Options:

A.

Web Services Role

B.

NET 4.5.1 Framework Feature

C.

Remote Desktop Services Role

D.

Windows BitLocker

Question 33

All 80 employees from your satellite Tokyo office are complaining that browsing the PVWA site is very slow; however, your New York headquarters users are not experiencing this. The current PAM solution is:

2 distributed Vaults, the primary one in New York and a satellite in Tokyo

2 PVWA servers, both in New York with load balancing configured

2 PSM servers, both in New York without load balancing configured

1 CPM server in New York

All PVWA, PSM, and CPM servers are connected to the primary Vault

Which proposal optimally resolves the performance issue while minimizing the impact to production?

Options:

A.

Install two new PVWA servers in Tokyo data center, configure load balancing, connect to the local satellite Vault and provide the URL of new PVWA servers to the local employees.

B.

Install two new PVWA servers in New York data center, configure load balancing and have them connect to the satellite Vault in Tokyo.

C.

Install two new PSM servers in the Tokyo data center, configure load balancing, connect to the local satellite vault, and inform the local employees to browse using the same PVWA URL.

D.

Change the current distributed Vaults architecture, migrate back to a Primary-DR architecture, install two new PVWA servers in the Tokyo data center and configure load balancing. Connect to the local DR Vault and provide the URL of new PVWA servers to the local employees.

Question 34

Which statement is correct about a post-install hardening?

Options:

A.

The Vault must be hardened during the Vault installation process. Most Voted

B.

After the Vault server is installed, you must join the server to the Enterprise Domain and reboot the host.

C.

It is executed after Vault installation by running CAVaultHarden.exe and hardening options can be edited by changing the Hardening.ini file. Most Voted

D.

If it is mandated by an organization’s IT governance, you do not have to execute Vault hardening; however, server hardening cannot be reversed.

Question 35

You need to add a new PSM server to an existing CyberArk environment.

What is the best way to determine the sizing of this server?

Options:

A.

Review the “Recommended Server Specifications” for PSMs in the CyberArk Documents website. Most Voted

B.

Use the specifications of any existing PSM and request a server of the same size.

C.

Use the CyberArk Support Knowledgebase, search for “PSM Sizing” and locate the Knowledgebase article related to sizing.

D.

Refer to the Microsoft Windows website, determine the minimum specifications required for the Operating System you are installing, and then add 4 Gb of RAM and 20 GB of disk.

Question 36

A customer asked you to help scope the company's PSM deployment.

What should be included in the scoping conversation?

Options:

A.

Recordings file path

B.

Recordings codec

C.

Recordings retention period

D.

Recordings file type

Question 37

At what point is a transparent user provisioned in the vault?

Options:

A.

When a directory mapping matching that user id is created.

B.

When a vault admin runs LDAP configuration wizard.

C.

The first time the user logs in.

D.

During the vault's nightly LD|^P refresh

Question 38

The PrivateArk clients allows a user to view the contents of the vault like a filesystem.

Options:

A.

TRUE

B.

FALSE

Question 39

As Vault Admin, you have been asked to enable your organization's CyberArk users to authenticate using LDAP.

In addition to Audit Users, which permission do you need to complete this task?

Options:

A.

Add Network Areas

B.

Manage Directory Mapping

C.

Add/Update Users

D.

Activate Users

Question 40

Which command should be executed to harden a Vault after registering it to Azure?

Options:

A.

HardenAzureFW.ps1 Most Voted

B.

ExecuteStage ./Hardening/HardeningConf.xml

C.

HardenVaultFW.ps1

D.

ExecuteStage ./PostInstallation/PostInstallation.xml

Page: 1 / 10
Total 136 questions
Get PAM-SEN Full Access Download PAM-SEN PDF