New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CyberArk SECRET-SEN Dumps Questions Answers

Page: 1 / 5
Total 60 questions

CyberArk Sentry Secrets Manager Questions and Answers

Question 1

What is a main advantage of using dual accounts in password management?

Options:

A.

Since passwords are cached for both rotation accounts, it ensures the password for an application will not be changed, reducing the amount of blackout dates when a password expires.

B.

It ensures passwords are rotated every 90 days, which respects the expected downtime for a system, database, or application

C.

It ensures no delays are incurred when the application needs credentials because a password that is currently used by an application will never be changed

D.

Since there are two active accounts, it doubles the probability that a system, database, or application will successfully authenticate.

Buy Now
Question 2

Where can all the self-signed/imported certificates be found in Conjur?

Options:

A.

/opt/conjur/etc/ssl from the Conjur containers

B.

/opt/conjur/certificates from the Conjur containers

C.

/opt/cyberark/dap/certs from the Conjur containers

D.

Log in to the Conjur UI > Conjur Cluster > Certificates > view.

Question 3

When attempting to retrieve a credential managed by the Synchronizer, you receive this error:

What is the cause of the issue?

Options:

A.

The Conjur Leader has lost upstream connectivity to the Vault Conjur Synchronizer.

B.

The host does not have access to the credential.

C.

The path to the credential was not properly encoded.

D.

The Vault Conjur Synchronizer has crashed and needs to be restarted.

Question 4

Followers are replications of the Leader configured for which purpose?

Options:

A.

synchronous replication to ensure that there is always an up-to-date database

B.

asynchronous replication from the Leader which allows secret reads at scale

C.

asynchronous replication from the Leader with read/write operations capability

D.

synchronous replication to ensure high availability

Question 5

What is the most maintenance-free way to ensure a Conjur host’s access reflects any changes made to accounts in a safe in the CyberArk vault?

Options:

A.

Write an automation script to update and load the host’s policy using PATCH/update.

B.

Use yami anchor [&] and wildcard (*) syntax to maintain its list of permission grants.

C.

Grant the consumers group/role created by the Synchronizer for the Safe to the host.

D.

Use PVWA to add the Conjur host ID as a member of the Safe.

Question 6

When installing the CCP and configuring it for use behind a load balancer, which authentication methods may be affected? (Choose two.)

Options:

A.

Allowed Machines authentication

B.

[Client Certificate authentication

C.

OS User

D.

Path

E.

Hash

Question 7

You are installing a Credential Provider on a Linux host. Arrange the installation steps in the correct sequence.

Options:

Question 8

A customer wants to minimize the Kubernetes application code developers must change to adopt Conjur for secrets access.

Which solutions can meet this requirement? (Choose two.)

Options:

A.

CPM Push-to-File

B.

Secrets Provider

C.

authn-Azure

D.

Secretless

E.

Application Server Credential Provider

Question 9

When working with Summon, what is the purpose of the secrets.yml file?

Options:

A.

It is where Summon outputs the secret value after retrieval.

B.

It is where you define which secrets to retrieve.

C.

It is where you store the Conjur URL and host API key.

D.

It is the log file for Summon.

Question 10

An application is having authentication issues when trying to securely retrieve credential’s from the Vault using the CCP webservices RESTAPI. CyberArk Support advised that further debugging should be enabled on the CCP server to output a trace file to review detailed logs to help isolate the problem.

What best describes how to enable debug for CCP?

Options:

A.

Edit web.config. change the “AIMWebServiceTrace” value, restart Windows Web Server (IIS)

B.

In the PVWA, go to the Applications tab, select the Application in question, go to Options > Logging and choose Debug.

C.

From the command line, run appprvmgr.exe update_config logging=debug.

D.

Edit the basic_appprovider.conf, change the “AIMWebServiceTrace" value, and restart the provider.

Question 11

Refer to the exhibit.

In which example will auto-failover occur?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 12

If you rename an account or Safe, the Vault Conjur Synchronizer recreates these accounts and safes with their new name and deletes the old accounts or safes.

What does this mean?

Options:

A.

Their permissions in Coniur must also be recreated to access them.

B.

Their permissions in Coniur remain the same.

C.

You can not rename an account or safe.

D.

The Vault-Conjur Synchronizer will recreate these accounts and safes with their exact same names.

Question 13

While troubleshooting an issue with accounts not syncing to Conjur, you see this in the log file:

What could be the issue?

Options:

A.

Connection timed out to the Vault.

B.

Safe permissions for the LOB user are incorrect.

C.

Connection timed out during loading policy through SDK.

D.

At first Vault Conjur Synchronizer start up, the number of LOBs is exceeded.

Question 14

How many Windows and Linux servers are required for a minimal Conjur deployment that integrates with an existing CyberArk PAM Vault environment, supports high availability, and is redundant across two geographically disparate regions?

Options:

A.

5 Linux servers, 2 Windows servers

B.

9 Linux servers, 2 Windows servers

C.

3 Linux servers, 1 Windows server

D.

10 Linux servers, 2 Windows server

Question 15

You are enabling synchronous replication on Conjur cluster.

What should you do?

Options:

A.

Execute this command on the Leader:

docker exec sh –c”

evoke replication sync that

*

B.

Execute this command on each Standby:

docker exec sh –c”

evoke replication sync that

*

C.

In Conjur web UI, click the Tools icon in the top right corner of the main window.

Choose Conjur Cluster and click “Enable synchronous replication” in the entry for Leader.

D.

In Conjur web UI, click the Tools icon in the top right corner of the main window.

Choose Conjur Cluster and click “Enable synchronous replication” in the entry for Standbys.

Question 16

Match each use case to the appropriate Secrets Manager Solution.

Options:

Question 17

Which statement is true for the Conjur Command Line Interface (CLI)?

Options:

A.

It is supported on Windows, Red Hat Enterprise Linux, and macOS.

B.

It can only be run from the Conjur Leader node.

C.

It is required for working with the Conjur REST API.

D.

It does not implement the Conjur REST API for managing Conjur resources.

Question 18

A customer has 100 .NET applications and wants to use Summon to invoke the application and inject secrets at run time.

Which change to the NET application code might be necessary to enable this?

Options:

A.

It must be changed to include the REST API calls necessary to retrieve the needed secrets from the CCP.

B.

It must be changed to access secrets from a configuration file or environment variable.

C.

No changes are needed as Summon brokers the connection between the application and the backend data source through impersonation.

D.

It must be changed to include the host API key necessary for Summon to retrieve the needed secrets from a Follower

Page: 1 / 5
Total 60 questions