SECRET-SEN Exam Dumps : CyberArk Sentry Secrets Manager

This is the correct answer because a minimal Conjur deployment that integrates with an existing CyberArk PAM Vault environment, supports high availability, and is redundant across two geographically disparate regions requires the following servers:

• 2 Linux servers for the Conjur master cluster, one in each region. The master cluster consists of a leader and a standby node that can automatically failover in case of a leader failure. The leader node performs read/write operations on the Conjur database and policy engine, while the standby node replicates the leader data and can be promoted to leader if needed. The master cluster also hosts the Conjur UI and API endpoints.
• 4 Linux servers for the Conjur follower clusters, two in each region. The follower clusters consist of one or more follower nodes that perform read-only operations on the Conjur database and policy engine, such as authentication, authorization, and secret retrieval. The follower clusters are horizontally scalable and can be configured behind a load balancer to handle high volumes of requests from applications and clients. The follower clusters also host the Conjur Synchronizer service, which synchronizes secrets from the CyberArk PAM Vault to the Conjur database.
• 2 Linux servers for the Conjur seed fetcher service, one in each region. The seed fetcher service is a utility that runs on a separate server and periodically fetches the Conjur seed files from the master cluster and distributes them to the follower clusters. The seed files contain the configuration and encryption keys that are required to join a follower node to the Conjur cluster. The seed fetcher service ensures that the follower clusters are always updated with the latest seed files and can join the Conjur cluster without manual intervention.
• 2 Windows servers for the CyberArk Central Credential Provider (CCP), one in each region. The CCP is a component that provides secure and centralized credential management for applications and clients that need to access secrets from the CyberArk PAM Vault. The CCP exposes a web service interface that allows applications and clients to request credentials based on their identity and permissions. The CCP integrates with the Conjur Synchronizer service to retrieve the secrets from the Conjur database and cache them locally for faster access.

Therefore, the total number of servers required for this deployment is 9 Linux servers and 2 Windows servers. This deployment architecture is based on the Conjur documentation1 and the Conjur training course2.

 Secrets Provider and Secretless are two solutions that can minimize the Kubernetes application code changes required to adopt Conjur for secrets access. Secrets Provider is a Kubernetes Job or Deployment that runs as an init container or application container alongside the application pod. It retrieves secrets from Conjur and writes them to one or more files in a shared, mounted volume. The application can then consume the secrets from the files without any code changes, as reading local files is a common and platform-agnostic method. Secretless is a sidecar proxy that runs as a separate container in the same pod as the application. It intercepts the application’s requests to protected resources, such as databases or web services, and injects the secrets from Conjur into the requests. The application does not need to handle any secrets in its code, as Secretless handles the authentication and authorization for it. References: CyberArk Secrets Provider for Kubernetes, Secretless Broker

This is the correct answer because the Conjur CLI is a tool that allows users to interact with the Conjur REST API from the command line. The Conjur CLI can be run on Windows, Red Hat Enterprise Linux, and macOS operating systems, as well as in Docker containers. The Conjur CLI can be installed using various methods, such as downloading the executable file, using a package manager, or pulling the Docker image. The Conjur CLI supports Conjur Enterprise 12.9 or later versions. This answer is based on the CyberArk Secrets Manager documentation1 and the CyberArk Secrets Manager training course2.

The other options are not true statements for the Conjur CLI. The Conjur CLI can be run from any machine that has network access to the Conjur server, not only from the Conjur Leader node. The Conjur Leader node is the node that performs read/write operations on the Conjur database and policy engine, and hosts the Conjur UI and API endpoints. The Conjur CLI is not required for working with the Conjur REST API, as users can also use other tools, such as curl, Postman, or web browsers, to send HTTP requests to the Conjur REST API. The Conjur CLI does implement the Conjur REST API for managing Conjur resources, such as roles, policies, secrets, and audit records. The Conjur CLI provides a set of commands that correspond to the Conjur REST API endpoints and allow users to perform various operations on the Conjur resources.