Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?
- A . Password change
- B . Password reconciliation
- C . Session suspension
- D . Session termination
A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/SecurityConfiguration.htm
dbparm.ini is the main configuration file for the Vault.
- A . True
- B . False
A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASREF/DBParm.ini.htm
When working with the CyberArk High Availability Cluster, which services are running on the passive node?
- A . Cluster Vault Manager and PrivateArk Database
- B . Cluster Vault Manager, PrivateArk Database and Remote Control Agent
- C . Cluster Vault Manager
- D . Cluster Vault Manager and Remote Control Agent
C
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Managingthe-CyberArk-Digital-Cluster-Vault-Server.htm
When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.
- A . True, this is the default behavior.
- B . False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the padr.ini file.
- C . True, if the AllowFailback setting is set to "yes" in the padr.ini file.
- D . False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the dbparm.ini file.
A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.3/en/Content/PASIMP/InitiatingDR-Failback-to-Production-Vault.htm
Which onboarding method is used to integrate CyberArk with the accounts provisioning process?
- A . Accounts Discovery
- B . Auto Detection
- C . Onboarding RestAPI functions
- D . PTA rules
B
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Provisioning-Accounts-Automatically.htm
Which file is used to open up a non-standard firewall port to the Vault?
- A . dbparm.ini
- B . PARagent.ini
- C . passparm.ini
- D . Vault.ini
When using multiple Central Policy Managers (CPM), which one of the following Safes is shared by all CPMs?
- A . PasswordManager
- B . PasswordManager_Pending
- C . PasswordManager_workspace
- D . PasswordManager_ADIntemal
A
Explanation:
Reference: https://www.niap-ccevs.org/MMO/Product/st_vid11006-agd4.pdf (558)
What are the functions of the Remote Control Agent service? (Choose three.)
- A . Allows remote monitoring the Vault
- B . Sends SNMP traps from the Vault
- C . Maintains audit data
- D . Allows CyberArk services to be managed (start/stop/status) remotely
ABD
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Privileged-Account-Security-Remote-Administration.htm#:~:text=The%20CyberArk%20Vault%20Remote%20Control,and%20the%20Disaster%20Recovery%20Server
In a Distributed Vaults environment, which of the following components will NOT be communicating with the Satellite Vaults?
- A . AAM Credential Provider (previously known as AIM Credential Provider)
- B . ExportVaultData utility
- C . PAReplicate utility
- D . Central Policy Manager
When managing SSH keys, the Central Policy Manager (CPM) stores the private key __________.
- A . in the Vault
- B . on the target server
- C . in the Vault and on the target server
- D . nowhere because the private key can always be generated from the public key
A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Managing %20SSH%20Keys.htm
The PSM requires the Remote Desktop Web Access role service.
- A . True
- B . False
A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Before-Installing-PSM.htm
Access control to passwords is implemented by __________.
- A . Vault authorizations
- B . Safe authorizations
- C . Master Policy
- D . platform settings
B
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/ObjectLevel-Access-Control.htm
During the process of installing the Central Policy Manager (CPM), the Vault administrator will be asked to provide the credentials for an administrative user in the Vault.
For which purpose are these credentials used?
- A . The credentials will be used later by the CPM to retrieve passwords from the Vault.
- B . The credentials are used by the installer to register the CPM in the CyberArk database.
- C . The credentials are used by the installer to authenticate to the Vault and create the Central Policy Manager (CPM) environment (Safes, users. etc.).
- D . The credentials will be used later by the CPM to update passwords in the Vault.
What is the purpose of the password verify process?
- A . To test that CyberArk is storing accurate credentials for accounts.
- B . To change the password of an account according to organizationally defined password rules.
- C . To allow CyberArk to manage unknown or lost credentials.
- D . To generate a new complex password.
A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/VerifyingPasswords.htm#:~:text=The%20CPM%20can%20verify%20password,manually%20by%20an%20authorized%20user
For a Safe with object level access control enabled the Vault administrator is able to turn off object level access control when it no longer needed on the Safe.
- A . True
- B . False
B
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/ObjectLevel-Access-Control.htm