Which statement about the Master Policy best describes the differences between one-time password and exclusive access functionality?
When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?
You are creating a new Rest API user that utilizes CyberArk Authentication.
What is a correct process to provision this user?
You are creating a Dual Control workflow for a team’s safe.
Which safe permissions must you grant to the Approvers group?
What are the minimum permissions to add multiple accounts from a file when using PVWA bulk-upload? (Choose three.)
Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.
What is the correct process to install a custom platform from the CyberArk Marketplace?
To change the safe where recordings are kept for a specific platform, which setting must you update in the platform configuration?
When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.
It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur
Match each key to its recommended storage location.
Which of the following properties are mandatory when adding accounts from a file? (Choose three.)
An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?
Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?
Which file must be edited on the Vault to configure it to send data to PTA?
Match each PTA alert category with the PTA sensors that collect the data for it.
ADR Vault became active due to a failure of the primary Vault. Service on the primary Vault has now been restored. Arrange the steps to return the DR vault to its normal standby mode in the correct sequence.
You receive this error:
“Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.”
Which root cause should you investigate?
Select the best practice for storing the Master CD.
Which command generates a full backup of the Vault?
If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?
What is required to enable access over SSH to a Unix account through both PSM and PSMP?
Accounts Discovery allows secure connections to domain controllers.
You are creating a shared safe for the help desk.
What must be considered regarding the naming convention?
What is required to manage loosely connected devices?
A Reconcile Account can be specified in the Master Policy.
You are concerned about the Windows Domain password changes occurring during business hours.
Which settings must be updated to ensure passwords are only rotated outside of business hours?
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?
You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?
Where can a user with the appropriate permissions generate a report? (Choose two.)
An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?
Time of day or day of week restrictions on when password verifications can occur configured in ____________________.
When should vault keys be rotated?
Which option in the Private Ark client is used to update users’ Vault group memberships?
You created a new platform by duplicating the out-of-box Linux through the SSH platform.
Without any change, which Text Recorder Type(s) will the new platform support? (Choose two.)
When creating an onboarding rule, it will be executed upon .
The Accounts Feed contains:
What is the chief benefit of PSM?
What is the purpose of the PrivateArk Database service?
Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.
You want to create a new onboarding rule.
Where do you accomplish this?
A password compliance audit found:
1) One-time password access of 20 domain accounts that are members of Domain Admins group in Active Directory are not being enforced.
2) All the sessions of connecting to domain controllers are not being recorded by CyberArk PSM.
What should you do to address these findings?
You have been asked to delegate the rights to unlock users to Tier 1 support. The Tier 1 support team already has an LDAP group for its members.
Arrange the steps to do this in the correct sequence.
Match the connection component to the corresponding OS/Function.
What is the primary purpose of Dual Control?
Match the built-in Vault User with the correct definition.
What is the maximum number of levels of authorization you can set up in Dual Control?
You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission.
Where do you update this permission for all auditors?
As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.
Before failing back to the production infrastructure after a DR exercise, what must you do to maintain audit history during the DR event?
You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?
The System safe allows access to the Vault configuration files.
What is the purpose of the Interval setting in a CPM policy?
You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?
You notice an authentication failure entry for the DR user in the ITALog.
What is the correct process to fix this error? (Choose two.)
Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).
Which command configures email alerts within PTA if settings need to be changed post install?
According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?
When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?
tsparm.ini is the main configuration file for the Vault.
What are the mandatory fields when onboarding from Pending Accounts? (Choose two.)
Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?
Which is the primary purpose of exclusive accounts?
For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.
Which item is an option for PSM recording customization?
What is the primary purpose of One Time Passwords?
Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.
Which dependent accounts does the CPM support out-of-the-box? (Choose three.)
During a High Availability node switch you notice an error and the Cluster Vault Manager Utility fails back to the original node.
Which log files should you check to investigate the cause of the issue? (Choose three.)
A user needs to view recorded sessions through the PVWA.
Without giving auditor access, which safes does a user need access to view PSM recordings? (Choose two.)
Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.
A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?
