New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CyberArk CAU302 CyberArk Defender + Sentry Exam Practice Test

Demo: 34 questions
Total 237 questions

CyberArk Defender + Sentry Questions and Answers

Question 1

What is the purpose of the PrivateArk Database service?

Options:

A.

Maintains Vault metadata.

B.

Communicates with components.

C.

Sends email alerts from the vault ID.

D.

Executes password changes

Question 2

Which file is used to integrate the Vault with the RADIUS server?

Options:

A.

radius.ini

B.

PARagent.ini

C.

ENEConf.ini

D.

dbparm.ini

Question 3

It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

Options:

A.

TRUE

B.

FALSE

Question 4

Where do you configure in PVWA the fully-qualified domain name (FQDN) of your target email server during SMTP integration?

Options:

A.

PVWA > Platform Management > Notification Settings

B.

PVWA > Options > Notification Settings

C.

PVWA > Administration > Notification Settings

D.

PVWA > LDAP Integartion > Notification Settings

Question 5

The Vault needs to send SNMP traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution?

Options:

A.

PARAgent.ini

B.

dbparm.ini

C.

ENEConf.ini

D.

my.ini

Question 6

Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply

Options:

A.

The PSM software must be installed on the target server

B.

PSM must be enabled in the Master Policy {either directly, or through exception).

C.

PSMConnect must be added as a local user on the target server

D.

RDP must be enabled on the target server

Question 7

dbparm.ini is the main configuration file for the vault.

Options:

A.

TRUE

B.

FALSE

Question 8

Which parameter controls how often the CPM looks for Exclusive Passwords that need to be changed?

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Question 9

Multiple Vault Servers can be load balanced.

Options:

A.

True

B.

False

Question 10

Select the best practice for storing the Master CD.

Options:

A.

Copy the files to the Vault server and discard the CD.

B.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

C.

Store the CD in a secure location, such as a physical safe.

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder

(secured with NTFS permissions) on the vault.

Question 11

What is the purpose of the PrivateArk Server service?

Options:

A.

Executes password changes.

B.

Makes vault data accessible to components.

C.

Maintains vault metadata.

D.

Sends email alert from the Vault

Question 12

You are successfully managing passwords in the alpha.cyberark com domain; however when you attempt to manage a password in the beta.cyberark.com domain, you receive the 'network path not found* error What should you check first?

Options:

A.

That the username and password are correct.

B.

That the CPM can successfully resolve addresses in the beta cyberark com domain

C.

That the end user has the correct permissions on the safe

D.

That an appropriate trust relationship exists between alphaxyberark.com and beta.cyberark.com

Question 13

In an SMTP integration it is recommended to use the fully-qualified domain name (FQDN) when specifying the SMTP server addresses).

Options:

A.

TRUE

B.

FALSE

Question 14

For the hardening process to complete successfully, security products like Antivirus should be installed on the Vault server before running the vault installer

Options:

A.

TRUE

B.

FALSE

Question 15

When working with the CyberArk Cluster, which service is considered Optional (i.e., failure of the service does

not mandate a failover)?

Options:

A.

PrivateArk Server

B.

PrivateArk Database

C.

Event Notification Engine

D.

Logic Container

Question 16

What is the name of the Platform parameter that determines the amount of time a person is allowed to use a One Time Password?

Options:

A.

MinValidityPeriod

B.

Interval

C.

ImmediateInterval

D.

Timeout

Question 17

Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

Options:

A.

Suspected Credential Theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged Privileged Access

Question 18

A SIEM integration is a powerful way to correlate Privileged Account Usage with Privileged Account Activity.

Options:

A.

TRUE

B.

FALSE

Question 19

Which utilities could you use to change debugging levels on the vault without having to restart the vault Select all that apply.

Options:

A.

PAR Agent

B.

PrivateArk Server Central Administration

C.

Edit DBParm.ini in a text editor.

D.

Setup exe

Question 20

PSM requires the Remote Desktop Session Host role service.

Options:

A.

TRUE

B.

FALSE

Question 21

Which type of automatic remediation can be performed by the PTA in case of a Suspecious Password Change security event?

Options:

A.

Password Change

B.

Password Reconcilation

C.

Session Suspension

D.

Session Terminiation

Question 22

CyberArk recommends implementing object level access control on all Safes.

Options:

A.

True

B.

False

Question 23

Which file is used to configure new firewall rules on the Vault?

Options:

A.

firewall.ini

B.

PARagent.ini

C.

dbparm.ini

D.

padr.ini

Question 24

You have associated a logon account to one of your UNIX root accounts in the vault When attempting to verify the root account's password the CPM will...

Options:

A.

Ignore the logon account and attempt to log in as root.

B.

Prompt the end user with a dialog box asking for the login account to use.

C.

Log in first with the logon account, then run the su command to log in as root using the password in the vault

D.

None of these.

Question 25

What conditions must be met in order to log into the vault as the Master user? Select all that apply

Options:

A.

Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini

B.

User must provide the correct master password

C.

Logon requires the Recovery Private Key to be accessible to the vault

D.

Logon must satisfy a challange response request

Question 26

During ENE integration you should specify the Fully-Qualified Domain Name (FQDN) of the SMTP Gateway server.

Options:

A.

TRUE

B.

FALSE

Question 27

Name two ways of viewing the ITAlog:

Options:

A.

Log into the vault locally and navigate to the Server folder under the PrivateArk install location.

B.

Log into the PVWA and go to the Reports tab.

C.

Access the System Safe from the PrivateArk client.

D.

Go to the Thirdpary log directory on the CPM

Question 28

Which of the following is NOT a use case for installing multiple CPMS?

Options:

A.

A single CPM cannot accommodate the total number of accounts managed

B.

Accounts are managed in multiple sites or VLANs protected by firewall

C.

Reduce network traffic across WAN links

D.

Provide load balancing capabilities when managing passwords on target devices

Question 29

The Vault can only integrate with a single Security Information and Event Management (SIEM) or SYSLOG server.

Options:

A.

True

B.

False

Question 30

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Question 31

The vault supports a number of dual factor authentication methods.

Options:

A.

TRUE

B.

FALSE

Question 32

The PSM Gateway (also known as the HTML5 Gateway) can be installed

Options:

A.

True

B.

False, the PSM Gateway must be installed on a separate Windows machine

Question 33

Which one of the built-in Vault users is not automatically added to the safe when it is first created in PVWA?

Options:

A.

Master

B.

Administrator

C.

Auditor

D.

Operator

Question 34

Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts'? Select all that apply.

Options:

A.

Discovery and Audit (DNA)

B.

Auto Detection (AD)

C.

Export Vault Data (EVD)

D.

On Demand Privileges Manager (OPM)

E.

Accounts Discovery

Demo: 34 questions
Total 237 questions