Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CyberArk PAM-CDE-RECERT Dumps Questions Answers

CyberArk CDE Recertification Questions and Answers

Question 1

What is the purpose of a linked account?

Options:

A.

To ensure that a particular collection of accounts all have the same password.

B.

To ensure a particular set of accounts all change at the same time.

C.

To connect the CPNI to a target system.

D.

To allow more than one account to work together as part of a password management process.

Buy Now
Question 2

The password upload utility must run from the CPM server

Options:

A.

TRUE

B.

FALSE

Question 3

Which tools are used during a CPM renaming process?

Options:

A.

APIKeyManager Utility

B.

CreateCredFile Utility

C.

CPMinDomain_Hardening.ps1

D.

PMTerminal.exe

E.

Data Execution Prevention

Question 4

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Options:

A.

on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

B.

on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Question 5

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

Options:

A.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.

Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.

Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

Question 6

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

Options:

A.

Operating System Username

B.

Host IP Address

C.

Client Hostname

D.

Operating System Type (Linux/Windows/HP-UX)

E.

Vault IP Address

F.

Time Frame

Question 7

You are installing HTML5 gateway on a Linux host using the RPM provided. After installing the Tomcat webapp, what is the next step in the installation process?

Options:

A.

Deploy the HTML5 service (guacd)

B.

Secure the connection between the guacd and the webapp

C.

Secure the webapp and JWT validation endpoint

D.

Configure ASLR

Question 8

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Options:

A.

Create an exception to the Master Policy to exclude the group from the workflow process.

B.

Edith the master policy rule and modify the advanced’ Access safe without approval’ rule to include the group.

C.

On the safe in which the account is stored grant the group the’ Access safe without audit’ authorization.

D.

On the safe in which the account is stored grant the group the’ Access safe without confirmation’ authorization.

Question 9

Match the built-in Vault User with the correct definition.

Options:

Question 10

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Options:

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Question 11

You need to move a platform from using PMTerminal to using Terminal Plugin Controller (TPC) What must you do?

Options:

A.

Within PVWA

Click Administration > Platform Management

Select the platform and then click Edit.

In the left pane, click Automatic Password Management > CPM Plug-in

Set the ExeName parameter value to CyberArk TPC exe

B.

Using PnvateArk. select the PasswordManager_Shared safe, and then select open Locate the mi file relating to the platform you wish to change and double click

At the bottom of the file, insert a line "UseTPC = True" Remove any lines that reference "PMTerminal" and save Return the mi file to the safe Restart CPM for this change to take effect

C.

Open the process file of the platform you wish to configure to use TPC Add the following parameter under the States section; "use TPC=yes"

D.

It is not possible to change a platform from using PMTerminal to using TPC You must locate a new version of the platform that supports TPC and import the new platform over-writing the existing platform

Question 12

Match each PTA alert category with the PTA sensors that collect the data for it.

Options:

Question 13

Match each key to its recommended storage location.

Options:

Question 14

CyberArk user Neil is trying to connect to the Target Linux server 192.168.1.64 using a domain account ACME/linuxuser01 on Domain Acme.corp using PSM for SSH server 192.168.65.145. What is the correct syntax?

Options:

A.

Ssh neil@linuxuser01:acme.corp@192.168.1.64@192.168.1.45

B.

Ssh neil@linuxuser01#acme.corp@192.168.1.64@192.168.1.45

C.

Ssh neil@linuxuser01@192.168.1.64@192.168.65.145

D.

Ssh neil@linuxuser01@acme.corp@192.168.1.64@192.168.1.45

Question 15

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

Options:

A.

Retention period

B.

Number of PSMs

C.

Number of users

D.

Number of targets

Question 16

You are creating a new Rest API user that utilizes CyberArk Authentication.

What is a correct process to provision this user?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

B.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add

C.

PVWA > User Provisioning > LDAP Integration > Add Mapping

D.

PVWA > User Provisioning > Users and Groups > New > User

Question 17

Secure Connect provides the following. Choose all that apply.

Options:

A.

PSM connections to target devices that are not managed by CyberArk.

B.

Session Recording

C.

Real-time live session monitoring.

D.

PSM connections from a terminal without the need to login to the PVWA

Question 18

Which step is required to register a Vault manually in Amazon Web Services using CAVaultManager?

Options:

A.

Specify Amazon as the cloud vendor using the CloudVendor Flag

B.

After running the postinstall utility, restart the "PrivateArk Server" service

C.

Specify the Cloud region using the /CloudRegion flag

D.

Specify whether the Vault is distributed or stand alone

Question 19

In your organization the “click to connect” button is not active by default.

How can this feature be activated?

Options:

A.

Policies > Master Policy > Allow EPV transparent connections > Inactive

B.

Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

C.

Policies > Master Policy > Allow EPV transparent connections > Active

D.

Policies > Master Policy > Password Management

Question 20

A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.

What is the correct location to identify users or groups who can approve?

Options:

A.

PVWA> Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control> Approvers

B.

PVWA> Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests

C.

PVWA> Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers

D.

PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership)

Question 21

Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

Options:

A.

TRUE

B.

FALS

Question 22

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALS

Question 23

Accounts Discovery allows secure connections to domain controllers.

Options:

A.

TRUE

B.

FALSE

Question 24

To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes.

Which configuration is correct?

Options:

A.

Require privileged session monitoring and isolation = inactive; Record and save session activity = active.

B.

Require privileged session monitoring and isolation = inactive; Record and save session activity = inactive.

C.

Require privileged session monitoring and isolation = active; Record and save session activity = active.

D.

Require privileged session monitoring and isolation = active; Record and save session activity = inactive.

Question 25

You are responsible for installing a CPM.

Which Vault authorizations will your CyberArk user need to install the CPM?

Options:

A.

Add Safes. Add/Update Users Manage Directory Mapping

B.

Add Safes. Add/Update Users. Reset Users' Passwords, Activate Users, Manage Server File Categories

C.

Manage Directory Mapping Backup All Safes. Restore Ail Safes

D.

Audit Users Activate Users Add Network Areas Manage Directory Mapping

Question 26

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

Options:

A.

TRUE

B.

FALSE

Question 27

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

Options:

A.

PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM SSH Proxy)

D.

All of the above

Question 28

Which is the primary purpose of exclusive accounts?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Question 29

Which components support fault tolerance.

Options:

A.

CPM and PVWA

B.

PVWA and PSM

C.

PSM and PTA

D.

CPM and PTA

Question 30

You are creating a shared safe for the help desk.

What must be considered regarding the naming convention?

Options:

A.

Ensure your naming convention is no longer than 20 characters.

B.

Combine environments, owners and platforms to minimize the total number of safes created.

C.

Safe owners should determine the safe name to enable them to easily remember it.

D.

The use of these characters V:*<>".| is not allowed.

Question 31

Match each permission to where it can be found.

Options:

Question 32

Which components can connect to a satellite Vault in distributed Vault architecture?

Options:

A.

CPM, EPM, PTA

B.

PVWA, PSM

C.

CPM,PVWA, PSM

D.

CPM, PSM

Question 33

The System safe allows access to the Vault configuration files.

Options:

A.

TRUE

B.

FALS

Question 34

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

Options:

A.

PSM-SSH Connection Component

B.

UnixPrompts.ini

C.

UnixProcess.ini

D.

PSM-RDP Connection Component

Question 35

Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation.

Options:

A.

255.255.255.255

B.

8.8.8.8

C.

192.168.1.1

D.

1.1.1.1

Question 36

You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission.

Where do you update this permission for all auditors?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Vault Authorizations

B.

Private Ark Client > Tools > Administrative Tools > Users and Groups > Auditors > Authorizations tab

C.

PVWA User Provisioning > LDAP integration > Vault Auditors Mapping > Vault Authorizations

D.

PVWA> Administration > Configuration Options > LDAP integration > Vault Auditors Mapping > Vault Authorizations

Question 37

A logon account can be specified in the platform settings.

Options:

A.

True

B.

False

Question 38

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to [b]change [/b] the root account’s password the CPM will…..

Options:

A.

Log in to the system as root, then change root's password

B.

Log in to the system as the logon account, then change roofs password

C.

Log in to the system as the logon account, run the su command to log in as root, and then change root’s password.

D.

None of these

Question 39

Which report shows the accounts that are accessible to each user?

Options:

A.

Activity report

B.

Entitlement report

C.

Privileged Accounts Compliance Status report

D.

Applications Inventory report

Question 40

In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

Options:

A.

Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server’s root account.

B.

Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server’s root account.

C.

Configure the Unix system to allow SSH logins.

D.

Configure the CPM to allow SSH logins.

Question 41

Which of the following components can be used to create a tape backup of the Vault?

Options:

A.

Disaster Recovery

B.

Distributed Vaults

C.

Replicate

D.

High Availability

Question 42

When on-boarding account using Accounts Feed, Which of the following is true?

Options:

A.

You must specify an existing Safe where are account will be stored when it is on boarded to the Vault

B.

You can specify the name of a new sale that will be created where the account will be stored when it is on-boarded to the Vault.

C.

You can specify the name of a new Platform that will be created and associated with the account

D.

Any account that is on boarded can be automatically reconciled regardless of the platform it is associated with.

Question 43

A Logon Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Question 44

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:

A.

Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.

C.

In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.

Question 45

Due to network activity, ACME Corp’s PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.

Which steps should you perform to restore DR replication to normal?

Options:

A.

Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

B.

Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

C.

Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

D.

Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

Question 46

Which user(s) can access all passwords in the Vault?

Options:

A.

Administrator

B.

Any member of Vault administrators

C.

Any member of auditors

D.

Master

Question 47

CyberArk recommends implementing object level access control on all Safes.

Options:

A.

True

B.

False

Question 48

Which pre-requisite step must be completed before installing a Vault?

Options:

A.

Join the server to the domain

B.

install a clean operating system

C.

install anti-virus software

D.

Copy the master CD to a folder on the Vault server

Question 49

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

Options:

A.

TRUE

B.

FALSE

Question 50

Which of the Following can be configured in the Master Poky? Choose all that apply.

Options:

A.

Dual Control

B.

One Time Passwords

C.

Exclusive Passwords

D.

Password Reconciliation

E.

Ticketing Integration

F.

Required Properties

G.

Custom Connection Components

Question 51

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Options:

A.

True

B.

False, a user can submit the request after the connection has already been initiated via the PSM for Windows

Question 52

Which PTA sensors are required to detect suspected credential theft?

Options:

A.

Logs, Vault Logs

B.

Logs, Network Sensor, Vault Logs

C.

Logs, PSM Logs, CPM Logs

D.

Logs, Network Sensor, EPM

Question 53

You have been asked to design the number of PVWAs a customer must deploy. The customer has three data centers with a distributed vault in each, requires high availability, and wants to use all vaults, at all times. How many PVWAs does the customer need?

Options:

A.

six

B.

four

C.

two

D.

three

Question 54

Which of the following options is not set in the Master Policy?

Options:

A.

Password Expiration Time

B.

Enabling and Disabling of the Connection Through the PSM

C.

Password Complexity

D.

The use of “One-Time-Passwords”

Question 55

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Question 56

In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA Hardening.ps1 perform when run?

Options:

A.

Performs IIS hardening: Imports the CyberArk INF configuration

B.

Performs IIS hardening: Configures all group policy settings

C.

Performs IIS hardening: Renames the local Administrator Account

D.

Configures Windows Firewall: Removes all installation files.

Question 57

A customer's environment three data centers, consisting of 5,000 servers in Germany, 10,000 servers in Canada, 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPM's should you deploy?

Options:

A.

1

B.

3, total, 1 per data center

C.

15

D.

6, total, 2 per data center

Question 58

By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

Options:

A.

Vault Admins

B.

Security Admins

C.

Security Operators

D.

Auditors

Question 59

Platform settings are applied to _________.

Options:

A.

The entire vault.

B.

Network Areas

C.

Safes

D.

Individual Accounts

Question 60

What is the maximum number of levels of authorization you can set up in Dual Control?

Options:

A.

1

B.

2

C.

3

D.

4

Question 61

Your customer has five main data centers with one PVWA in each center under different URLs. How can you make this setup fault tolerant?

Options:

A.

This setup is already fault tolerant

B.

Install more PVWAs in each data center

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered

D.

Load balance all PVWAs under same urL

Question 62

Which option in the PrivateArk client is used to update users' Vault group memberships?

Options:

A.

Update > General tab

B.

Update > Authorizations tab

C.

Update > Member Of tab

D.

Update > Group tab

Question 63

Users are unable to launch Web Type Connection components from the PSM server. Your manager asked you to open the case with CyberArk Support.

Which logs will help the CyberArk Support Team debug the issue? (Choose three.)

Options:

A.

PSMConsole.log

B.

PSMDebug.log

C.

PSMTrace.log

D.

.Component.log

E.

PMconsole.log

F.

ITAlog.log

Question 64

A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

Options:

A.

createcredfile.exe

B.

cavaultmanager.exe

C.

PrivateArk

D.

PVWA

Question 65

When creating Distributed Vault environment architecture, what is the maximum number of Vault servers that can be deployed''

Options:

A.

5 - number of primary and satellite Vaults can be specified during installation

B.

3- all primary

C.

6-1 primary and 5 satellite

D.

10-2 primary and 8 satellite

Question 66

Which of these accounts onboarding methods is considered proactive?

Options:

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan