New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CyberArk ACCESS-DEF Dumps Questions Answers

Page: 1 / 5
Total 64 questions

CyberArk Defender Access (ACC-DEF) Questions and Answers

Question 1

For each statement listed, indicate if it may be a potential cause of this problem.

Options:

Buy Now
Question 2

Match each Web App Connector to the phrase that best describes its service offering.

Options:

Question 3

Which statement is true about the app gateway?

Options:

A.

For applications that use the App Gateway, the connection from the user travels the same network pathways you already have and CyberArk Identity connects to the CyberArk Identity Connector through the firewall.

B.

For applications that use the App Gateway, the connection from the user travels different network pathways and CyberArk Identity connects to the CyberArk Identity Connector through a separate connection from the firewall.

C.

On the App Gateway page, you can configure the application to enable users to access it if they are logging in from an external location.

D.

App gateway supports on-premises apps and web applications running on HTTPS only.

Question 4

ACME Corporation employees access critical business web applications through CyberArk Identity. You notice a constant high volume of unauthorized traffic from 103.1.200.0/24 trying to gain access to the CyberArk Identity portal. Access to the CyberArk Identity portal is time sensitive. ACME decides to enforce IP restrictions to reduce vulnerability.

Which configuration can help achieve this?

Options:

A.

Loginin to the CyberArk Identity Admin portal and define the IP range of 103 1 200 0/24 into the ACME Corporation IP range.

B.

Login to the CyberArk Identity Admin portal and define the IP range of 103 1 200 0/24 into the blocked IP range.

C.

Implement device trust through the Windows Cloud Agent.

D.

Implement zero trust through the AppGateway.

Question 5

Refer to the exhibit.

This exhibit shows the base authentication policy for ACME Corporation. You must edit the policy to allow users to authenticate once if they fulfill certain authentication criteria.

How should you configure this policy to support BOTH?

Options:

A.

Configure "Challenge Pass-Through Duration" to be "always".

B.

ConfigureFID02 authenticator as Challenge 1.

C.

ConfigureFID02 authenticator as Challenge 2.

D.

Configure QR Code as "Single Authentication Mechanism".

Question 6

Within a Web App connector, which feature does an admin use to grant users access?

Options:

A.

Trust

B.

Workflow

C.

Provisioning

D.

Permissions

Question 7

Which device enrollment settings are valid? (Choose two.)

Options:

A.

Send notification on device enrollment

B.

Enable invite based enrollment

C.

Minimum number of devices a user can enroll

D.

Reassign the device to another user

E.

E.Permanently delete device

Question 8

What is considered an "Identity Provider Initiated" login to an application?

Options:

A.

After signingin to the CyberArk Identity portal, a userlaunches a SAML app by clickingan apptile.

B.

After visitinga third-party web app, a user is redirected to CyberArk Identity for authentication.

C.

A user visits a third party web appdirectly and signs in with local credentials.

D.

A user signs in to the CyberArk Identity portal and takes a screenshot of the portal to send to IT.

Question 9

Your team is deploying endpoint authentication onto the corporate endpoints within an organization. Enrollment details include when the enrollment must be completed, and the enrollment code was sent out to the users. Enrollment can be performed in the office or remotely (without the assistance of an IT support engineer). You received feedback that many users are unable to enroll into the system using the enrollment code.

What can you do to resolve this? (Choose two.)

Options:

A.

Set maximum number of joinable endpointsto "unlimited".

B.

Set Expiry Date to "Never".

C.

Set the IP Address range to the user's" home network range.

D.

Set a description within the enrollment code.

E.

Reinstall Windows Device Trust.

Question 10

You get the following error: "Not Authorized. You do not have permission to access this feature".

What is most likely the cause of the error?

Options:

A.

A user tried to sign in to the wrong identity tenant.

B.

A user tried to sign in before being created in Active Directory.

C.

A user gave someone else access to his/her laptop.

D.

A non-administrative user tried to access an administrative feature.

Question 11

Which settings can help minimize the number of 2FA / MFA prompts? (Choose two.)

Options:

A.

Challenge Pass-Through Duration

B.

RADIUS Connections

C.

OATH OTP

D.

IP Address filter

E.

Port mapping

Question 12

You are tasked to enforce certificate based authentication onto all the domain-joined Windows machines within your organization. Based on the inventory record, there are 1000 Windows machines, which include 150 standalone Windows machines. The enrollment will be conducted from either the office network or through the Virtual Private Network (VPN).

Which parameter(s) should you define within the enrollment code to ensure the security of the code and that only the authorized endpoints get registered?

Options:

A.

Set an expiration date defining when the code should expire.

B.

Specify the maximum number of devices that can be enrolled.

C.

Define the enrollment code to only the specific office/VPN IP network segment.

D.

Define that only Linux machines may be enrolled.

Question 13

Where can you download the CyberArk Identity mobile app? (Choose two.)

Options:

A.

Download section of the Admin Portal

B.

Support portal

C.

Apple Agp Store

D.

email attachment

E.

Google Play Store

Question 14

Match each User Portal tab to the correct description.

Options:

Question 15

An organization previously allowed users to add their personal apps on the Identity User Portal. This will soon be disabled due to policy changes.

What is the impact to the users for personal apps previously added to the User Portal?

Options:

A.

They will continue to function normally; however, users cannot add new apps.

B.

They will continue to display on the Apps screen and user devices; however, they will be greyed out and unavailable for any form of interaction.

C.

They will be deleted from the Apps screen and user devices.

D.

They will continue to display on the Apps screen and user devices; however, an error message will display when users try to open the application.

Question 16

When a user enrolls a mobile device (iOS or Android) without enabling mobile device management, what happens? (Choose three.)

Options:

A.

The device is added to the Endpoints page in the Admin and User portals.

B.

The web applications assigned to the user are added to the Web Apps screen in the CyberArk Identity mobile app.

C.

The associated mobile applications are added and available for deployment automatically.

D.

The mobile device policies defined in the CyberArk Cloud Directory policy service policy set are installed.

E.

The device's model name, serial number. OS number, and Network Carrier information will be uploaded to the Identity portal.

F.

The mobile phone can now be used as a MFA Authentication Factor

Question 17

Refer to the exhibit.

Which statements are correct regarding this Authentication Policy? (Choose two.)

Options:

A.

Users will still be asked for their MFA even if they mistyped their username.

B.

If users have set up CyberArk Mobile Authenticator as an MFA, they will still receive the Push Notification to confirm the request even if they mistyped their password.

C.

Users will not be notified which challenge they failed if their login attempt failed.

D.

If users have set up a Security Question as an MFA, the Security Question will not be displayed to the user to answer even if they mistyped their password.

E.

If the first factor is password and the user is an Active Directory user and the Active Directory is unavailable, this setting does not matter because the user will not be able to authenticate through Active Directory credentials and will see the message "Active Directory not available".

Question 18

What is the most likely reason a CyberArk Identity admin would turn on the "Provisioning" feature within a Web App connector?

Options:

A.

to ensure users are automatically on-boarded and off-boarded in a third-party application

B.

to ensure users are provisioned with the appropriate devices when they start

C.

to ensure the web app appears in the users' CyberArk Identity portal when they first sign in

D.

to create an audit log of everytime users sign into the web app

Question 19

Your Chief Executive Officer lost his phone and cannot perform MFA to log in to work.

How can you enable him to bypass MFA right away and not delay his work?

Options:

A.

Add a security question to his account on his behalf.

B.

Ask him to configure on-device authenticator.

C.

Ask him to change his phone PIN.

D.

Select theMFA Unlock action for him through the Admin Portal.

Page: 1 / 5
Total 64 questions