Vce CPC-CDE-RECERT Questions Latest

When implementing LDAPS Integration for a standard Privilege Cloud environment, certain information is crucial and must be provided to the CyberArk Privilege Cloud support team through a Service Request. The necessary details include:

LDAPS certificate chain for all domain controllers to be integrated (Option A): This information is critical to establishing a trusted secure connection between the Privilege Cloud and the domain controllers using LDAP over SSL (LDAPS).

Fully Qualified Domain Name and IP Address of the domain controllers to be integrated (Option D): This information is essential for accurately identifying and configuring the network connections to each domain controller that will be integrated with the Privilege Cloud.

In CyberArk Privilege Cloud / PSM deployments, PSM Health Check is implemented as a dedicated PSM Web Service on each PSM node (typically used by a load balancer to query application-level health). (docs.cyberark.com)

Because the Health Check relies on IIS, CyberArk includes PSM Health Check hardening activities as part of the setup. These hardening activities specifically focus on reducing IIS exposure by removing default/unused IIS components (for example, CyberArk documents that the setup deletes IIS application pools such as “Classic .NET AppPool”, “.NET v2.0”, “.NET v4.5”, etc.). This is a hardening action aimed at minimizing IIS attack surface / insecure defaults—i.e., removing IIS settings/configurations that could be considered security vulnerabilities. (docs.cyberark.com)

Why the other options are not the “purpose”:

B: While Health Check is used for load balancer health probing, “hardening” is not about validating readiness for a load balancer; it’s about tightening IIS-related configuration. (docs.cyberark.com)

C: Service-running checks are part of health determination, but the hardening step is described in docs in terms of IIS hardening activities (like deleting app pools), not just confirming services. (docs.cyberark.com)

D: AppLocker is part of PSM hardening overall, but it’s not the purpose of PSM Health Check hardening (which is IIS-focused). (docs.cyberark.com)

CyberArk’s PSM for SSH administration documentation explains how to create maintenance access by updating the SSH daemon configuration:

In /etc/ssh/sshd_config, add an AllowGroups entry that includes the maintenance group(s):AllowGroups PSMConnectUsers ..

This matches option C exactly: you enable the additional maintenance user by placing them in the group(s) referenced by AllowGroups in sshd_config.

CyberArk’s hardening instructions for SUSE (manual hardening) explicitly require:

Updating the SSH daemon configuration in /etc/ssh/sshd_config (for example, removing SFTP subsystem definitions and setting multiple hardening-related attributes such as disabling forwarding features).

Ensuring the credential file for the PSM for SSH gateway user (psmpgwuser.cred) has the required permissions 640 (default path shown as /etc/opt/CARKpsmp/Vault/psmpgwuser.cred).

Those map directly to A and C.