CAU302 CyberArk Defender + Sentry Questions and Answers

When managing SSH keys, the Central Policy Manager (CPM) stores the private key .

Where do you configure in PVWA the fully-qualified domain name (FQDN) of your target email server during SMTP integration?

During the process of installing the Central Policy Manager (CPM), the Vault administrator will be asked to provide the credentials for an administrative user in the Vault. For which purpose are these credentials used?

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

What is the purpose of the PrivateArk Database service?

Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Which service is optional on the Vault?

Which report shows the accounts that are accessible to each user?

What is the purpose of the password Change process?

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

A Logon Account can be specified in the platform settings

Which service should NOT be running on the DR Vault when the primary production Vault is up?

Which file would you modify to configure your Vault Server to forward Activity Logs to a SIEM or SYSLOG server?

A SIEM integration allows you to forward ITALOG records to a monitoring solution.

PTA can automatically suspend sessions in case of suspicious activities detected in a privileged session, only if the session is made via the CyberArk PSM.

Which Master Policy?

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Any user can monitor live sessions in real time when users initiate RDP connection via Secure Connect through PSM?

A logon account can be specified in the platform settings.

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure access a password without approval

PSM requires the Remote Desktop Session Host role service.

During the process of installing the CPM, you will be asked to provide the credentials for an administrate user in the Vault. What are these credentials used for?

You are successfully managing passwords in the alpha.cyberark com domain; however when you attempt to manage a password in the beta.cyberark.com domain, you receive the 'network path not found* error What should you check first?

What are the chief benefits of PSM? Choose all that apply

Which of the following options is not set in the Master Policy?

Which Built-in group grants access to the ADMINISTRATION page?

The following applications are pre-configured to work with PSM. but first need to be installed on the PSM server.

Which user(s) can access all passwords in the vault

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.D18912E1457D5D1DDCBD40AB3BF70D5D

An SMTP integration allows you to forward audit records from the vault to the SIEM.

Time of day of week restrictions on when password changes can occur are configured in ________________.

What are the operating system prerequisites for installing CPM? Select all that apply.

Which of the following logs contain information about errors related to PTA?

Which credentials does CyberArk use when managing a target account?

According to the default web options settings, which group grants access to the reports page?

When the PSM Gateway (also known as the HTML5 ( End Point in order to launch connections via the PSM

Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords.

Which file is used to configure the ENE service?

What is the purpose of the CyberArk Event Notification Engine service.

The DR module allows an integration with Enterprise Backup software

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault.

In order to grant a permission to a user, and administrator MUST possess that permission.

Which one of the following reports is NOT generated by using the PVWA?

In an SMTP integration it is recommended to use the fully-qualified domain name (FQDN) when specifying the SMTP server addresses).

The Vault Internal safe contains all of the configuration for the vault.

To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers need to be configured to communicate with the Primary Vault and Satellite Vaults. What file needs to be changed on the PVWA to enable this setup?

Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply

What is the name of the Platform parameter that determines the amount of time a person is allowed to use a One Time Password?

Which of the following are secure options for storing the contents of the Operator CD. while still allowing the contents to be accessible upon a planned Vault restart? Choose alt that apply

PSM for SSH (previously known as “PSM SSH Proxy”) supports connections to the following target systems:

In a Disaster Recovery (DR) environment, which of the following should NEVER be configured for automatic failover due to the possibility of split-brain phenomenon?

The Vault can only integrate with a single Security Information and Event Management (SIEM) or SYSLOG server.

If a transparent user belongs two different directory mappings, how does the system determine which user template to use?

The vault supports Subnet Based Access Control.

For the hardening process to complete successfully, security products like Antivirus should be installed on the Vault server before running the vault installer

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to UnixAdmins? Check all that apply

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests?

Which one of the built-in Vault users is not automatically added to the safe when it is first created in PVWA?

A SIEM integration allows you to forward audit records to a monitoring solution.

An SMTP integration allows you to forward audit records to a monitoring solution.

HA, DR, Replicate are mutually exclusive and cannot be used in the same environment.

Which file is used to integrate the Vault with the RADIUS server?

Which of the following is considered a prerequiste for installing PSM?

What is the process to remove object level access control from a Safe?

Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

Access Control to passwords is implemented by ________________.

What is the primary purpose of One Time Passwords?