PAM DEFENDER

What are the functions of the Remote Control Agent service? (Choose 3). Allows remote monitoring of the Vault. Sends SNMP traps from the Vault. Maintains audit data. Allows CyberArk services to be managed (start/stop/status) remotely.

The Vault administrator can change the Vault license by uploading the new license to the system Safe. True. False.

CyberArk implements license limits by controlling the number and types of users that can be provisioned in the Vault. True. False.

Discovery allows secure connections to domain controllers. True. False.

PSM for Windows (previously known as RDP Proxy) supports connections to the which of the following target systems?. Windows. Unix. Oracle. All of the above.

PSM for SSH (previously known as PSM-SSH Proxy) supports connections to which of the following target systems?. Windows. Unix. Oracle. All of the above.

Within the Vault each password is encrypted by: the server key. the recovery public key. the recovery private key. its own unique key.

Which utilities could a Vault administrator use to change debugging levels on the Vault without having to restart the Vault? (Select the two correct options). PAR Agent. PrivateArk Server Central Administration. Edit DBParm.ini in a text editor. Setup.exe.

How does the Vault administrator apply a new license file?. Upload the license.xml file to the system Safe and restart the PrivateArk Server service. Upload the license.xml file to the system Safe. Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service. Upload the license.xml file to the Vault Internal Safe.

Which keys are required to be present in order to start the PrivateArk Server service? (Choose 2). Recovery public key. Recovery private key. Server key. Safe key.

What is the purpose of the CyberArk Event Notification Engine service?. It sends email messages from the Central Policy Manager (CPM). It sends email messages from the Vault. It processes audit report messages. It makes Vault data available to components.

What is the purpose of the PrivateArk Database service?. Communicates with components. Sends email alerts from the Vault. Executes password changes. Maintains Vault metadata.

What is the purpose of the PrivateArk Server service?. Executes password changes. Maintains Vault metadata. Makes Vault data accessible to components. Sends email alerts from the Vault.

Select the best practice for storing the Master CD. Copy the files to the Vault server and discard the CD. Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD. Store the CD in a secure location, such as a physical safe. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault.

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose the three correct options). Store the CD in a physical safe and mount the CD every time Vault maintenance is performed. Copy the entire contents of the CD to the system Safe on the Vault. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions. Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NT FS permissions.

Which service should NOT be running on the DR Vault when the primary Production Vault is up?. PrivateArk Database. PrivateArk Server. CyberArk Vault Disaster Recovery (DR). CyberArk Logic Container.

Which of the following logs contains information about errors related to PTA?. ITAlog.log. diamond.log. pm_error.log. WebApplication.log.

When a DR Vault Server becomes an active vault, it Will automatically fail back to the original state once the Primary Vault comes back online. True; this is the default behavior. False, this is not possible. True, if the AllowFailback setting is set to 'yes' in the padr.ini file. True, if the AllowFailback setting is set to 'yes' in the dbparm.ini file.

Which of the following components can be used to create a tape backup of the Vault?. Disaster Recovery. Distributed Vaults. Replicate. High Availability.

A Vault administrator has associated a logon account to one of their Unix root accounts in the Vault. When attempting to change the root account's password the Central Policy Manager (CPM) will: log in to the system as root, then change root's password. log in to the system as the logon account, then change root's password. log in to the system as the logon account, run the SU command to log in as root, and then change root's password. none of these.

For a Safe with object level access control enabled the Vault administrator is able to turn off object level access control when it no longer needed on the Safe. True. False.

The Vault supports Subnet Based Access Control. True. False.

The Vault does NOT support Subnet Based Access Control. True. False.

Assuming a Safe has been configured to be accessible during certain hours of the day, a Vault administrator may still access that Safe outside of those hours. True. False.

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control. True. False.

What is the purpose of the password verify process?. To test that CyberArk is storing accurate credentials for accounts. To change the password of an account according to organizationally defined password rules. To allow CyberArk to manage unknown or lost credentials. To generate a new complex password.

In order to grant a permission to a user, an administrator MUST possess that permission. True. False.

A logon account can be specified in the platform settings. True. False.

Which Master Policy setting must be active in order to have an account checked out by one user for a pre-determined amount of time?. Require Dual Control password access approval. Enforce check-in/check-out exclusive access. Enforce one-time password access. Enforce check-in/check-out exclusive access and enforce one-time password access.

Which combination of Safe member permissions Will allow end users to log in to a remote machine transparently but NOT show or copy the password?. Use Accounts, Retrieve Accounts, List Accounts. Use Accounts, List Accounts. Use Accounts. List Accounts, Retrieve Accounts.

CyberArk recommends implementing object level access control on all Safes. True. False.

Which credentials does CyberArk use when managing a target account?. Those of the service account for the CyberArk Password Manager service. A domain administrator account created for this purpose. The credentials of the target account. An account assigned by the Master Policy.

What is the purpose of the password reconcile process?. To test that CyberArk is storing accurate credentials for accounts. To change the password of an account according to organizationally defined password rules. To allow CyberArk to manage unknown or lost credentials. To generate a new complex password.

What is the process to remove object level access control from a Safe?. Uncheck the 'Enable Object Level Access Control' on the Safe Details page in the PVINA. Uncheck the 'Enable Object Level Access Control' box in the Safe Properties in PrivateArk. This cannot be done. Remove all ACLS from the Safe.

Access control to passwords is implemented by: Vault authorizations. Safe authorizations. Master Policy. platform settings.

If a user is a member of more than one group that has authorizations on a Safe, by default that user is granted: the Vault Will not allow this situation to occur. only those permissions that exist on the group added to the Safe first. only those permissions that exist in all groups to which the user belongs. the cumulative permissions of all the groups to which that user belongs.

Users who have the 'Access Safe without confirmation' permission on a Safe where accounts are configured for Dual Control still need to request approval to use the account. True. False.

Which is the purpose of a linked account?. To ensure that a particular collection of accounts all have the same password. To ensure a particular set of accounts all change at the same time. To connect the CPM to a target system. To allow the use of additional passwords within a password management process.

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will: ignore the logon account and attempt to log in as root. prompt the end user with a dialog box asking for the login account to use. log in first with the logon account, then run the SU command to log in as root using the password in the Vault. none of these.

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would the Vault administrator configure a group of users to access a password without approval?. Create an exception to the Master Policy to exclude the group from the workflow process. Edit the Master Policy rule and modify the advanced 'Access Safe without approval' rule to include the group. On the Safe in which the account is stored grant the group the 'Access Safe without audit' authorization. On the Safe in which the account is stored grant the group the 'Access Safe without confirmation' authorization.

Which is the primary purpose of exclusive accounts?. Reduced risk of credential theft. More frequent password changes. Non-repudiation (individual accountability). To force a 'collusion to commit' fraud...

Which is the primary purpose of one-time passwords?. Reduced risk of credential theft. More frequent password changes. Non-repudiation (individual accountability). To force a 'collusion to commit' fraud...

Which is the primary purpose of Dual Control?. Reduced risk of credential theft. More frequent password changes. Non-repudiation (individual accountability). To force a 'collusion to commit' fraud...

What is the name of the platform parameter that determines the length of time a person is allowed to use a one-time password?. MinValidityPeriod. Interval. Immediatelnterval. Timeout.

Which is the purpose of the HeadStartlntervaI setting in a platform?. lt determines how far in advance audit data is collected for reports. lt instructs the CPM to initiate the password change process certain number of days before expiration. lt instructs the AIM provider to 'skip the cache' during the defined time period. lt alerts users of upcoming password changes a certain number of days before expiration.

Platform settings are applied to: the entire Vault. network areas. Safes. individual accounts.

One can create exceptions to the Master Policy based on: Safes. platforms. policies. accounts.

When managing SSH keys, the Central Policy Manager (CPM) stores the public key: in the Vault. on the target server. A and B. nowhere because the public key can always be generated from the private key.

Time of day or day of week restrictions on when password changes can occur are configured in the: Master Policy. platform settings. Safe settings. account details.

A Safe was recently created by a user who is a member of the LDAP Vault Administrators group. Which of the following users does NOT have access to the newly created Safe by default?. Master. Administrator. Auditor. Backup.

According to the default web options settings, which group grants access to the reports page?. PVWAUsers. Vault Administrators. Auditors. PVWAMonitor.

Which report could show all accounts that are past their expiration dates?. Privileged Account Compliance Status report. Activity log. Privileged Account Inventory report. Application Inventory report.

You have been asked to secure a set of shared accounts... The account owner wants to be able to track who was using an account at any given moment. Which security configuration should you recommend?. Configure one-time passwords... Configure shared account mode on the appropriate safe. Configure both one-time password and exclusive access for the appropriate platform in Master Policy. Configure object level access control on the appropriate safe.

In your organization the “click to connect” button is not active by default. How can this feature be activated?. Policies > Master Policy > Allow EPV transparent connections > inactive. Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception. Policies > Master Policy > Allow EPV transparent connections > Active. Policies > Master Policy > Password Management.

A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights. Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?. PVWA > User Provisioning > LDAP Integration > Mapping Criteria. PVWA > User Provisioning > LDAP Integration > Map Name. PVWA > Administration > LDAP Integration > Mappings. PVWA > Administration > LDAP Integration > AD Groups.

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens. Which piece of the platform is missing?. PSM-SSH Connection Component. UnixPrompts.ini. UnixProcess.ini. PSM-RDP Connection Component.

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?. Export Vault Data. Export Vault Information. PrivateArk Client. Privileged Threat Analytics.

Which PTA sensors are required to detect suspected credential theft?. Logs, Vault Logs. Logs, Network Sensor, Vault Logs. Logs, PSM Logs, CPM Logs. Logs, Network Sensor, EPM.

When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?. List Accounts, View Safe Members. Manage Safe Owners. List Accounts, Access Safe without confirmation. Manage Safe, View Audit.

The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys. How are these keys managed?. CyberArk stores Private keys in the Vault and updates public keys on target systems. CyberArk stores public keys in the Vault and updates Private keys on target systems. CyberArk does not store Public or Private keys... CyberArk stores both Private and Public keys...

You need to enable the PSM for all platforms. Where do you perform this task?. Platform Management > (Platform) > UI & Workflows. Master Policy > Session Management. Master Policy > Privileged Access Workflows. Administration > Options > Connection components.

How much disk space do you need on the server for a PAReplicate?. 500 GB. 1 TB. Same as disk size on Satellite Vault. Same as disk size on Primary Vault.

In the Private Ark client, how do you add an LDAP group to a CyberArk group?. Select Update on the CyberArk group, and then click Add > LDAP Group. Select Update on the LDAP Group, and then click Add > LDAP Group. Select Member Of on the CyberArk group, and then click Add > LDAP Group. Select Member Of on the LDAP group, and then click Add > LDAP Group.

In a rule using “Privileged Session Analysis and Response” in PTA, which session options are available to configure as responses to activities?. Suspend, Terminate, None. Suspend, Terminate, Lock Account. Pause, Terminate, None. Suspend, Terminate.

A user requested access to view a password secured by dual-control... What is the correct location to identify users or groups who can approve?. PVWA > Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control > Approvers. PVWA > Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests. PVWA > Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers. PrivateArk > Admin Tools > User and Groups > Auditors (Group Membership).

You are creating a Dual Control workflow for a team’s safe. Which safe permissions must you grant to the Approvers groups?. List accounts, Authorize account request. Retrieve accounts, Access Safe without confirmation. Retrieve accounts, Authorize account request. List accounts, Unlock accounts.

You received this error: “Error in changepass to user domain/user on domain server (winRc=5) Access is denied.” Which root cause should you investigate?. The account does not have sufficient permission to change its own password. The domain controller is unreachable. The password has been changed recently and minimum password age is preventing the change. The CPM service is disabled and will need to be restarted.

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.). Operating System Username. Host IP Address. Client Hostname. Operating System Type (Linux/Windows/HP-UX). Vault IP Address. Time Frame.

A new HTML5 Gateway has been deployed in your organization. Where do you configure the PSM to use the HTML5 Gateway?. Administration > Option > Privileged Session Management > Configured PSM Server > Connection Details > Add PSM Gateway. Administration > Option > Privileged Session Management > Add Configured PSM Gateway Server. Administration > Option > Privileged Session Management > Configured PSM Servers > Add PSM Gateway. Administration > Option > Privileged Session Management > Configured PSM Servers > Connection Details.

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?. Privileged Accounts Inventory. Privileged Accounts Compliance Status. Activity Log. Privileged Accounts CPM Status.

To use PSM connection while in the PVWA, what are the minimum safe permissions a user or group will need?. List Accounts, Use Accounts. List Accounts, Use Accounts, Retrieve Accounts. Use Accounts. List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation.

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account. How should this be configured...?. Configure each CPM to use the correct logon account. Configure each CPM to use the correct reconcile account. Configure the UNIX platform to use the correct logon account. Configure the UNIX platform to use the correct reconcile account.

You are creating a new Rest API user that utilizes CyberArk Authentication. What is a correct process to provision this user?. Private Ark Client > Tools > Administrative Tools > User and Groups > New > User. Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add. PVWA > User Provisioning > LDAP integration > Add Mapping. PVWA > User Provisioning > User and Groups > New > User.

Which permissions are needed for the Active Directory user required by the Windows Discovery process?. Domain Admin. LDAP Admin. Read/Write. Read.

To manage automated onboarding rules, a CyberArk user must a member of which group?. Vault Admins. CPM User. Auditors. Administrators.

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file...?. KeyPath. KeyFile. ObjectName. Address.

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication. Which locations must you update?. On the Vault server... and in the PVWA Application... On the Vault server... and on the PVWA server... In the Private Ark client under Tools > Administrative Tools > Directory Mapping. On the Vault server in the certificate store and on the PVWA server...

Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?. They are added to the Pending Accounts list and can be reviewed and manually updated. They cannot be onboarded to the Password Vault. They must be uploaded using third party tools. They are not part of the Discovery Process.

Your customer, ACME corp, wants to store the Safes Data in Drive D instead of Drive C. Which file should you edit?. TSparm.ini. Vault.ini. DBparm.ini. User.ini.

Which option in the Private Ark client is used to update users Vault group memberships?. Update > General tab. Update > Authorizations tab. Update > Member Of tab. Update > Group tab.

Which Automatic Remediation is configurable for a PTA detection of a Suspected Credential Theft?. Add to Pending. Rotate Credentials. Reconcile Credentials. Disable Account.

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?. Password change. Password reconciliation. Session suspension. Session termination.

Which type of automatic remediation can be performed by the PTA in case of a suspicious password change security event?. Password change. Password reconciliation. Session suspension. Session termination.

Which of the following PTA detections are included in the Core PAS offering? (Choose 2). Suspected Credential Theft. Over-Pass-The-Hash. Golden Ticket. Unmanaged Privileged Access.

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM. True. False, the PTA can suspend sessions whether the session is made via the PSM or not.

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?. Suspected credential theft. Over-Pass-The-Hash. Golden Ticket. Unmanaged privileged access.

Which one of the following reports is NOT generated by using the Password Vault Web Access (PVWA)?. Accounts Inventory. Application Inventory. Active/Non-Active Users. Compliance Status.

What is the purpose of EVD?. To extract vault metadata into a open database platform. To allow editing of vault metadata. To create a backup of the MySQL database. To extract audit data from the vault.

A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings. What is the issue?. The user must login as PSMAdminConnect. The PSM service is not running. The user is not a member of the PVWAMonitor group. The user is not a member of the Auditors group.

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?. PSMConnect. PSMMaster. PSMGwUser. PSMAdminConnect.

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the Vault. True. False, because the user can also enter credentials manually using Ad-Hoc Access. False, because if credentials are not stored in the Vault, the PSM Will log into the target device as PSM Connect. False, because if credentials are not stored in the Vault, the PSM Will prompt for credentials.

Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client's machine makes an RDP connection to the PSM server, which user Will be utilized?. Credentials stored in the Vault for the target machine. Shadowuser. PSMConnect. PSMAdminConnect.

Vault administrators must manually add the Auditors group to newly created Safes so auditors Will have sufficient access to run reports. True. False.

Which user(s) can access all passwords in the Vault?. Administrator. Any member of Vault administrators. Any member of auditors. Master.

A user is receiving the error message ITATS006E Station is suspended for User jsmith when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?. createcredfile.exe. cavaultmanager.exe. PrivateArk. PVWA.

Which user is automatically added to all Safes and cannot be removed?. Auditor. Administrator. Master. Operator.

Which are acceptable in the Address field of an account. It must be a fully qualified name (FQDN). It must be an IP address. It must be a NetBIOS name. Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable.

The Accounts Feed contains. accounts that were discovered by CyberArk in the last 30 days. accounts that were discovered by CyberArk but have not yet been onboarded. all accounts added to Vault in the last 30 days. all users added to CyberArk in the last 30 days.

Which of these accounts onboarding methods is considered proactive?. Accounts Discovery. Detecting accounts with PTA. A Rest API integration with account provisioning software. A DNA scan.

It is possible to control the hours of the day during which a user may long into the vault. TRUE. FALSE.

VAULT authorizations may be granted to ______________. (Choose all that apply.). Vault Users. Vault Groups. LDAP Users. LDAP Groups.

What is the purpose of the Interval setting in a CPM policy?. To Control how often the CPM looks for system-initiated CPM work. To control how often the CPM looks for User initiated CPM work. To control how long the CPM rests between password changes. To control the maximum amount of time the CPM Will wait for a password change to complete.

What is the purpose of the Immediate Interval setting in a CPM policy?. To control how often the CPM looks for System Initiated CPM work. To control how often the CPM looks for User Initiated CPM work. To control how long the CPM rests between password changes. To control the maximum amount of time the CPM Will wait for a password change to complete.

A Logon Account can be specified in the Master Policy. TRUE. FALSE.

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to. TRUE. FALSE.

Which report provides a list of accounts stored in the vault?. Privileged Accounts Inventory. Privileged Accounts Compliance Status. Entitlement Report. Activity log.

When on-boarding account using Accounts Feed, which of the following is true?. You must specify an existing Safe where the account will be stored when it is on-boarded to the Vault. You can specify the name of a new safe that will be created where the account will be stored... You can specify the name of a new Platform that will be created... Any account that is on-boarded can be automatically reconciled...

Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property. TRUE. FALSE.

PSM captures a record of each command that was executed in Unix. TRUE. FALSE.

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection. TRUE. FALSE.

Which of the following files must be created or configured in order to run Password Upload Utility? (Choose all that apply.). PACli.ini. Vault.ini. Conf.ini. A comma delimited upload file.

Users can be restricted through certain CyberArk interfaces (e.g. PVWA or PACLI). TRUE. FALSE.

It is possible to restrict the time of day, or day of week that a reconcile process can occur. TRUE. FALSE.

Which of the following options is not set in the Master Policy?. Password Expiration Time. Enabling and Disabling of the Connection Through the PSM. Password Complexity. The use of One-Time-Password.

The System safe allows access to the Vault configuration files. TRUE. FALSE.

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?. Configure the Provider to change the password to match the Vaults Password. Associate a reconcile account and configure the platform to reconcile automatically. Associate a logon account and configure the platform to reconcile automatically. Run the correct auto detection process to rediscover the password.

What is the maximum number of levels of authorization you can set up in Dual Control?. 1. 2. 3. 4.

The Password upload utility can be used to create safes. TRUE. FALSE.

Which CyberArk components products can be used to discovery Windows Services or Scheduled Task that use privileged accounts? (Choose all that apply.). Discovery and Audit (DNA). Auto Detection (AD). Export Vault Data (EVD). On Demand Privileges manager (OPM). Accounts Discovery.

A reconcile Account can be specified in the Master Policy. TRUE. FALSE.

Secure Connect provides the following features. (Choose all that apply.). PSM connections to target devices that are not managed by CyberArk. Session Recording. Real-time live session monitoring. PSM connections from a terminal without the need to login to the PVWA.

Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?. Accounts Discovery. Auto Detection. Onboarding RestAPI functions. PTA Rules.

The vault supports Role Based Access Control. TRUE. FALSE.

When a group is granted the Authorize Account Requests permission on a safe Dual control requests must be approved by. Any one person from that group. Every person from that group. The number of persons specified by the Master Policy. That access cannot be granted to groups.

When managing SSH keys, the CPM stores the private key. In the Vault. On the target server. A & B. Nowhere because the private key can always be generated from the public key.

Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed?. HeadStartInterval. Interval. ImmediateInterval. The CPM does not change the password under this circumstance.

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?. PSM (i.e., launching connections by clicking on the Connect button in the PVWA). PSM for Windows (previously known as RDP Proxy). PSM for SSH (previously known as PSM SSH Proxy). All of the above.

The password upload utility must run from the CPM server. TRUE. FALSE.

When creating an onboarding rule, it will be executed upon _____________. All accounts in the pending accounts list. Any future accounts discovered by a discovery process. Both All accounts in the pending accounts list and Any future accounts discovered by a discovery process.

Which report shows the accounts that are accessible to each user?. Activity report. Entitlement report. Privileged Accounts Compliance Status report. Applications Inventory report.

What is the chief benefit of PSM?. Privileged session isolation. Automatic password management. Privileged session recording. Privileged session isolation and Privileged session recording.

Tsparm.ini is the main configuration file for the Vault. TRUE. FALSE.

Dbparm.ini is the main configuration file for the Vault. TRUE. FALSE.

What is the purpose of the password change process?. To test that CyberArk is storing accurate credentials for accounts. To change the password of an account according to organizationally defined password rules. To allow CyberArk to manage unknown or lost credentials. To generate a new complex password.

To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configurations changes. Require privilege session monitoring and isolation = inactive; Record and save session activity = active. Require privilege session monitoring and isolation = inactive; Record and save session activity = inactive. Require privilege session monitoring and isolation = active; Record and save session activity = active. Require privilege session monitoring and isolation = active; Record and save session activity = inactive.

You are onboarding an account that is not supported out of the box. What should you do first to obtain a platform to import?. Create a service ticket in the customer portal... Search common community portals like stackoverflow, reddit, github... From the platform page, uncheck the Hide non-supported platforms checkbox... Visit the CyberArk marketplace and search for a platform that meets your needs.

You have been asked to identify the up or down status of Vault services. Which CyberArk utility can you use to accomplish this task?. Vault Replicator. PAS Reporter. Remote Control Agent. Syslog.

You are logging into CyberArk as the Master user to recover an orphaned safe. Which items are required to log in as Master?. Master CD, Master Password, console access to the Vault server, Private Ark Client. Operator CD, Master Password, console access to the PVWA server, PVWA access. Operator CD, Master Password, console access to the Vault server, Recover.exe. Master CD, Master Password, console access to the PVWA server, Recover.exe.

Your organization requires all passwords be rotated every 90 days. Where can you set this regulatory requirement?. Master Policy. Safe Templates. PVWAConfig.xml. Platform Configuration.

You have been asked to turn off the time access restrictions for a safe. Where is this setting found?. PrivateArk. RestAPI. Password Vault Web Access (PVWA). Vault.

What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?. UnixPrompts.ini. Plink.exe. Dbpam.ini. PVConfig.xml.