Studied by 0 people
Looks like no one added any tags here yet for you.
Which command configures email alerts within PTA if settings need to be changed post install?
A. /opt/tomcat/utility/emailConfiguration.sh
B. /opt/PTA/emai!Configuration.sh
C. /opt/PTA/utility/emailConfig.sh
D. /opt/tomcat/utiity/emailSetup.sh
A. /opt/tomcat/utility/emailConfiguration.sh
Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?
A. All of the above
B. PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)
C. PSM for Windows (previously known as RDP Proxy)
D. PSM for SSH (previously known as PSM SSH Proxy)
A. All of the above
It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur
A. TRUE
B. FALSE
A. TRUE
According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?
A. PVWAUsers
B. Vault Admins
C. Auditors
D. PVWAMonitor
D. PVWAMonitor
By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?
A. Vault Admins
B. Security Admins
C. Security Operators
D. Auditors
A. Vault Admins
B. Security Admins
When managing SSH keys, the CPM stores the Public Key
A. Nowhere because the public key can always be generated from the private key.
B. A & B
C. On the target server
D. In the Vault
C. On the target server
You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.What do you need to recover and decrypt the object? (Choose three.)
A. Recovery Private Key
B. Recover.exe
C. Vault data
D. Recovery Public Key
E. Server Key
F. Master Password
A. Recovery Private Key
B. Recover.exe
D. Recovery Public Key
What is the name of the Platform parameters that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?
A. Min Validity Period
B. Interval
C. Immediate Interval
D. Timeout
A. Min Validity Period
When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).
A. True
B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows
A. True
The vault supports Subnet Based Access Control.
A. FALSE
B. TRUE
B. TRUE
Select the best practice for storing the Master CD.
A. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault
B. Store the CD in a secure location, such as a physical safe
C. Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD
D. Copy the files to the Vault server and discard the CD
B. Store the CD in a secure location, such as a physical safe
Which keys are required to be present in order to start the PrivateArk Server service?
A. Server key
B. Recovery private key
C. Safe key
D. Recovery public key
A. Server key and D. Recovery public key
To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?
A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties
B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe
C. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit
D. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit
A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties
When running a "Privileged Accounts Inventory" Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?
A. Manage Safe, View Audit
B. List Accounts, Access Safe without confirmation
C. List Accounts, View Safe Members
D. Manage Safe Owners
C. List Accounts, View Safe Members
Your organization requires all passwords be rotated every 90 days.Where can you set this regulatory requirement?
A. PVWAConfig.xml
B. Safe Templates
C. Master Policy
D. Platform Configuration
C. Master Policy
When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.
A. True, if the AllowFailback setting is set to "yes" in the padr.ini file
B. False; this is not possible
C. True; this is the default behavior
D. True, if the AllowFailback setting is set to "yes" in the dbparm.ini file
B. False; this is not possible
PSM captures a record of each command that was executed in Unix.
A. FALSE
B. TRUE
B. TRUE
A new HTML5 Gateway has been deployed in your organization.Where do you configure the PSM to use the HTML5 Gateway?
A. Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway
B. Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers
C. Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway
D. Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Detail
A. Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway
Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)
A. Host IP Address
B. Client Hostname
C. Vault IP Address
D. Operating System Username
E. Operating System Type (Linux/Windows/HP-UX)
F. Time Frame
D Operating System Username
A. Host IP Address
B. Client Hostname
When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by
A. The number of persons specified by the Master Policy
B. Every person from that group
C. That access cannot be granted to groups
D. Any one person from that group
A. The number of persons specified by the Master Policy
You are creating a new Rest API user that utilizes CyberArk Authentication.What is a correct process to provision this user?
A. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User
B. PVWA > User Provisioning > LDAP Integration > Add Mapping
C. PVWA > User Provisioning > Users and Groups > New > User
D. Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add
A. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User
Which of the following properties are mandatory when adding accounts from a file? (Choose three.)
A. All required properties specified in the Platform
B. Hostname
C. Username
D. Safe Name
E. Address
F. Platform ID
A. All required properties specified in the Platform
F. Platform ID
D. Safe Name
An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?
A. PSMAdminConnect
B. PSMMaster
C. PSMConnect
D. PSMGwUser
A. PSMAdminConnect
CyberArk recommends implementing object level access control on all Safes.
A. True
B. False
B. False
What is the purpose of the PrivateArk Server service?
A. Maintains Vault metadata
B. Sends email alerts from the Vault
C. Executes password changes
D. Makes Vault data accessible to components
D. Makes Vault data accessible to components
When managing SSH keys, the CPM stored the Private Key
A. A & B
B. On the target server
C. In the Vault
D. Nowhere because the private key can always be generated from the public key.
C. In the Vault
In your organization the "click to connect" button is not active by default.How can this feature be activated?
A. Policies > Master Policy > Password Management
B. Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception
C. Policies > Master Policy > Allow EPV transparent connections > Active
D. Policies > Master Policy > Allow EPV transparent connections > Inactive
C. Policies > Master Policy > Allow EPV transparent connections > Active
As vault Admin you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?
A. Audit Users and Add/Update Users
B. Audit Users and Manage Directory Mapping
C. Audit Users and Activate Users
D. Audit Users and Add Network Areas
B. Audit Users and Manage Directory Mapping
Time of day or day of week restrictions on when password verifications can occur configured in ____________________.
A. The Account Details
B. The Platform settings
C. The Master Policy
D. The Safe settings
B. The Platform settings
Match the log file name with the CyberArk Component that generates the log.
Italog
pm.log
diamond.log
cyberark.webapplication.log
Italog - vault
pm.log - CPM
diamond.log - PTA
cyberark.webapplication.log -PVWA
If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?
A. Address
B. ObjectName
C. KeyPath
D. KeyFile
D. KeyFile
When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?
A. Connection Component
B. Vault
C. CPM
D. Platform
D. Platform
In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?
A. Number of PSMs
B. Retention period
C. Number of users
D. Number of targets
B. Retention period
Which report shows the accounts that are accessible to each user?
A. Privileged Accounts Compliance Status report
B. Activity report
C. Applications Inventory report
D. Entitlement report
D. Entitlement report
Which of the following logs contains information about errors related to PTA?
A. WebApplication.log
B. pm_error.log
C. diamond.log
D. ITAlog.log
C. diamond.log
Target account platforms can be restricted to accounts that are stored in specific Safes using the Allowed Safes property.
A. FALSE
B. TRUE
B. TRUE
For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.
A. FALSE
B. TRUE
A. FALSE
To manage automated onboarding rules, a CyberArk user must be a member of which group?
A. Vault Admins
B. Administrators
C. CPM User
D. Auditors
A. Vault Admins
Which of the following options is not set in the Master Policy?
A. Password Expiration Time
B. The use of "One-Time-Passwords"
C. Enabling and Disabling of the Connection Through the PSM
D. Password Complexity
D. Password Complexity
Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.
A. FALSE
B. TRUE
A. FALSE
Which pre-requisite step must be completed before installing a Vault?
A. Copy the master CD to a folder on the Vault server
B. Join the server to the domain
C. install a clean operating system
D. install anti-virus software
C. install a clean operating system
The Password upload utility can be used to create safes.
A. FALSE
B. TRUE
B. TRUE
You are logging into CyberArk as the Master user to recover an orphaned safe.Which items are required to log in as Master?
A. Operator CD, Master Password, console access to the Vault server, Recover.exe
B. Master CD, Master Password, console access to the PVWA server, Recover.exe
C. Operator CD, Master Password, console access to the PVWA server, PVWA access
D. Master CD, Master Password, console access to the Vault server, Private Ark Client
D. Master CD, Master Password, console access to the Vault server, Private Ark Client
The System safe allows access to the Vault configuration files.
A. FALSE
B. TRUE
B. TRUE
You receive this error:"Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied." Which root cause should you investigate?
A. The account does not have sufficient permissions to change its own password.
B. The domain controller is unreachable
C. The password has been changed recently and minimum password age is preventing the change.
D. The CPM service is disabled and will need to be restarted.
A. The account does not have sufficient permissions to change its own password.
In the Private Ark client, how do you add an LDAP group to a CyberArk group?
A. Select Member Of on the LDAP group, and then click Add > LDAP Group
B. Select Member Of on the CyberArk group, and then click Add > LDAP Group
C. Select Update on the LDAP Group, and then click Add > LDAP Group
D. Select Update on the CyberArk group, and then click Add > LDAP Group
D. Select Update on the CyberArk group, and then click Add > LDAP Group
Which report provides a list of account stored in the vault.
A. Privileged Accounts Inventory
B. Privileged Accounts Compliance Status
C. Entitlement Report
D. Active Log
A. Privileged Accounts Inventory
What is the primary purpose of Dual Control?
A. Non-repudiation (individual accountability)
B. Reduced risk of credential theft
C. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.
D. More frequent password changes
C. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.
A customer's environment three data centers, consisting of 5,000 servers in Germany, 10,000 servers in Canada, 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPM's should you deploy?
A. 6, total, 2 per data center
B. 1
C. 15
D. 3, total, 1 per data center
D. 3, total, 1 per data center
Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.
A. Vault.ini
B. PACli.ini
C. A comma delimited upload file
D. conf.ini
A. Vault.ini
C. A comma delimited upload file
D. conf.ini
A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.Which piece of the platform is missing?
A. PSM-RDP Connection Component
B. UnixPrompts.ini
C. UnixProcess.ini
D. PSM-SSH Connection Component
D. PSM-SSH Connection Component
You want to generate a license capacity report.Which tool accomplishes this?
A. RestAPI
B. Password Vault Web Access
C. PrivateArk Client
D. DiagnoseDB Report
C. PrivateArk Client
Which components can connect to a satellite Vault in distributed Vault architecture?
A. CPM, PSM
B. PVWA, PSM
C. CPM,PVWA, PSM
D. CPM, EPM, PTA
B. PVWA, PSM
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.
A. On the safe in which the account is stored grant the group the' Access safe without confirmation' authorization.
B. On the safe in which the account is stored grant the group the' Access safe without audit' authorization
C. Create an exception to the Master Policy to exclude the group from the workflow process.
D. Edith the master policy rule and modify the advanced' Access safe without approval' rule to include the group.
A. On the safe in which the account is stored grant the group the' Access safe without confirmation' authorization.
You are creating a shared safe for the help desk.What must be considered regarding the naming convention?
A. Ensure your naming convention is no longer than 20 characters.
B. The use of these characters V:*<>".| is not allowed.
C. Combine environments, owners and platforms to minimize the total number of safes created.
D. Safe owners should determine the safe name to enable them to easily remember it.
B. The use of these characters V:*<>".| is not allowed
For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?
A. The shared storage array is offline.
B. An alert is generated in the Windows Event log.
C. The Digital Vault Cluster does not detect a node failure.
D. The heartbeat is no longer detected on the private network.
D. The heartbeat is no longer detected on the private network.
A user with administrative privileges to the vault can only grant other users privileges that he himself has.
A. FALSE
B. TRUE
B. TRUE
As long as you are a member of the Vault Admins group you can grant any permission on any safe.
A. TRUE
B. FALSE
B. FALSE
In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to "Fast Forward" within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.What could be the cause?
A. Recording is of a PSM for SSH session.
B. You need to update the recorder settings in the platform to enable screen capture every 10000 ms or less.
C. The browser you are using is out of date and needs an update to be supported.
D. You do not have the "View Audit" permission on the safe where the account is stored.
A. Recording is of a PSM for SSH session.
What is the purpose of the HeadStartlnterval setting m a platform?
A. It determines how far in advance audit data is collected tor reports
B. It instructs the CPM to initiate the password change process X number of days before expiration.
C. It instructs the AIM Provider to 'skip the cache' during the defined time period
D. It alerts users of upcoming password changes x number of days before expiration.
B. It instructs the CPM to initiate the password change process X number of days before expiration.
Which of the following PTA detections are included in the Core PAS offering?
A. Golden Ticket
B. Over-Pass-The Hash
C. Unmanaged Privileged Access
D. Suspected Credential Theft
C. Unmanaged Privileged Access vault
D. Suspected Credential Theft vault
Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.
A. FALSE
B. TRUE
A. FALSE
Which is the primary purpose of exclusive accounts?
A. Non-repudiation (individual accountability)
B. Reduced risk of credential theft
C. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization
D. More frequent password changes
A. Non-repudiation (individual accountability)
Which component must be installed on the Vault if Distributed Vaults is used with PSM?
A. Disaster Recovery
B. RabbitMQ
C. Remote Control Client
D. Distributed Vault Server
B. RabbitMQ
A Logon Account can be specified in the Master Policy.
A. FALSE
B. TRUE
A. FALSE
Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.
A. On Demand Privileges Manager (OPM
B. Accounts Discovery
C. Auto Detection (AD)
D. Discovery and Audit (DNA)
E. Export Vault Data (EVD)
B. Accounts Discovery
C. Auto Detection (AD)
D. Discovery and Audit (DNA)
Which report could show all accounts that are past their expiration dates?
A. Privileged Account Inventory report
B. Application Inventory report
C. Privileged Account Compliance Status report
D. Activity log
C. Privileged Account Compliance Status report
What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?
A. Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.
B. In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.
C. Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.
D. In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.
In the RADIUS server, define the CyberArk Vault as RADIUS client/agent
You have been asked to turn off the time access restrictions for a safe.Where is this setting found?
A. Password Vault Web Access (PVWA)
B. PrivateArk
C. RestAPI
D. Vault
B. PrivateArk
What are the basic network requirements to deploy a CPM server?
A. Port UDP/1858 to vault and all required ports to the targets and port 389 to the PSM.
B. All ports to the vault
C. Port 1858 only
D. Port 1858 to Vault and port 443 to PVWA
D. Port 1858 to Vault and port 443 to PVWA
What is the purpose of the Interval setting in a CPM policy?
A. To control how often the CPM looks for System Initiated CPM work
.B. To control how often the CPM looks for User Initiated CPM work.
C. To control the maximum amount of time the CPM will wait for a password change to complete
D. To control how long the CPM rests between password changes.
A. To control how often the CPM looks for System Initiated CPM work.
What is the maximum number of levels of authorization you can set up in Dual Control?
A. 3
B. 2
C. 1
D. 4
B. 2
Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.
A. ImmediateInterval
B. The CPM does not change the password under this circumstance
C. Interval
D. HeadStartInterval
B. The CPM does not change the password under this circumstance
What is a requirement for setting fault tolerance for PSMs?
A. Use a load balancer
B. CPM must be in all data centers
C. use a backup solution
D. Install the Vault in an HA Cluster
A. Use a load balancer
Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?
A. Privileged Accounts Inventory
B. Privileged Accounts CPM Status
C. Privileged Accounts Compliance Status
D. Activity Log
C. Privileged Accounts Compliance Status
A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.Which locations must you update?
A. on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts
B. on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts
C. in the Private Ark client under Tools > Administrative Tools > Directory Mapping
D. on the Vault server in the certificate store and on the PVWA server in the certificate store
A. on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.Which safe permission do you need to grant Operations Staff? Check all that apply.
A. Use Accounts B. Retrieve Accounts C. List Accounts D. Authorize Password Requests E. Access Safe without Authorization
A. Use Accounts
B. Retrieve Accounts
C. List Accounts
VAULT authorizations may be granted to_____.
A. LDAP Groups
B. Vault Users
C. LDAP Users
D. Vault Groups
B. Vault Users
C. LDAP Users
Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)
A. Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions
B. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions
C. Copy the entire contents of the CD to the system Safe on the Vault
D. Store the CD in a physical safe and mount the CD every time Vault maintenance is performed
A. Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions
B. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions
D. Store the CD in a physical safe and mount the CD every time Vault maintenance is performed
To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?
A. Use Accounts
B. List Accounts, Use Accounts, Retrieve Accounts
C. List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation
D. List Accounts, Use Accounts
D. List Accounts, Use Accounts
A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.What is the correct location to identify users or groups who can approve?
A. PVWA> Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers
B. PVWA> Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control> Approvers
C. PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership)
D. PVWA> Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests
D. PVWA> Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests
Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.
A. PSM connections from a terminal without the need to login to the PVWA.
B. Real-time live session monitoring.
C. Session Recording.
D. PSM connections to target devices that are not managed by CyberArk.
B. Real-time live session monitoring.
C. Session Recording.
D. PSM connections to target devices that are not managed by CyberArk.
You need to enable the PSM for all platforms. Where do you perform this task?
A. Master Policy > Session Management
B. Master Policy > Privileged Access Workflows
C. Administration > Options > Connection Components
D. Platform Management > (Platform) > UI & Workflows
A. Master Policy > Session Management
Which Automatic Remediation is configurable for a PTA detection of a "Suspected Credential Theft"?
A. Disable Account
B. Reconcile Credentials
C. Add to Pending
D. Rotate Credentials
D. Rotate Credentials
Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?
A. Use Accounts
B. Use Accounts, Retrieve Accounts, List Accounts
C. Use Accounts, List Accounts
D. List Accounts, Retrieve Accounts
C. Use Accounts, List Accounts
In a rule using "Privileged Session Analysis and Response" in PTA, which session options are available to configure as responses to activities?
A. Suspend, Terminate
B. Suspend, Terminate, Lock Account
C. Suspend, Terminate, None
D. Pause, Terminate, None
C. Suspend, Terminate, None
You have been asked to identify the up or down status of Vault services.Which CyberArk utility can you use to accomplish this task?
A. Syslog
B. Vault Replicator
C. Remote Control Agent
D. PAS Reporter
C. Remote Control Agent
What is the purpose of a linked account?
A. To ensure a particular set of accounts all change at the same time.
B. To connect the CPNI to a target system.
C. To allow more than one account to work together as part of a password management process.
D. To ensure that a particular collection of accounts all have the same password.
C. To allow more than one account to work together as part of a password management process.
Which values are acceptable in the address field of an Account?
A. It must be a Fully Qualified Domain Name (FQDN)
B. Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable
.C It must be an IP address
D. It must be NetBIOS name
B. Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable
It is possible to control the hours of the day during which a user may log into the vault.
A. FALSE
B. TRUE
B. TRUE
A customer installed multiple PVWAs in the production environment behind a load balancer VIP. They subsequently observed that all incoming traffic from the load balancer VIP goes to only one PVWA, even though all the PVWAs are up and running. What could be the likely cause of this situation?
A. SSL passthrough is not configured on the load balancer.
B. The load balancing pool only has one PVWA server
C. The Certificate of the load balancer is not a wild card cert
D. The load balancing algorithm is the least connections algorithm.
B. The load balancing pool only has one PVWA server
As a member of a PAM Level-2 support team, you are troubleshooting an issue related to load balancing four PVWA servers at two data centers. You received a note from your Level-1 support team stating "When testing PVWA website from a workstation, we noticed that the "Source IP of last sign-in" was shown as the VIP (Virtual IP address) assigned to the four PVWA servers instead of the workstation IP where the PVWA site was launched from."Which step should you take?
A. Verify the "LoadBalancerClientAddressHeader" parameter setting in PVWA configuration file Web.config is set to "X-Forwarded-For".
B. Add the VIP (Virtual IP address) assigned to the four PVWA servers to the certificates issued for all four PVWA servers, if missing.
C. Add a firewall rule to allow the testing workstation to connect to the VIP (Virtual IP address) assigned to the four PVWA servers on Port TCP 443.
D. Edit the dbparm.ini file on the Vault se
A. Verify the "LoadBalancerClientAddressHeader" parameter setting in PVWA configuration file Web.config is set to "X-Forwarded-For".
In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.What is the least intrusive way to accomplish this?
A. Use the "reconcile" button on the parent account's details page.
B. Use the "change" button on the parent account's details page.
C. Use the "change" button on the usage's details page.
D. Use the "sync" button on the usage's details page.
C. Use the "change" button on the usage's details page.
Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation.
A. 1.1.1.1
B. 255.255.255.255
C. 192.168.1.1
D. 8.8.8.8
A. 1.1.1.1
Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (Choose all that apply)
A. The PSM software must be instated on the target server
B. PSM must be enabled in the Master Policy (either directly, or through exception)
C. RDP must be enabled on the target server
D. PSMConnect must be added as a local user on the target server
A. The PSM software must be instated on the target serv
D. PSMConnect must be added as a local user on the target server
Platform settings are applied to _________.
A. Individual Accounts
B. The entire vault.
C. Safes
D. Network Areas
A. Individual Accounts
PSM for Windows (previously known as "RDP Proxy") supports connections to the following target systems
A. All of the above
B. UNIX
C. Windows
D. Oracle
A. All of the above
dbparm.ini is the main configuration file for the Vault.
A. True
B. False
A. True
Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?
A. Auditors
B. Operators
C. Vault Admin
D. DR Users
A. Auditors
Note 
Flashcard (59)