Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

PAM-DEF CyberArk Defender - PAM Questions and Answers

Questions 4

A user needs to view recorded sessions through the PVWA.

Without giving auditor access, which safes does a user need access to view PSM recordings? (Choose two.)

Options:

A.

Recordings safe

B.

Safe the account is in

C.

System safe

D.

PVWAConfiguration safe

E.

VaultInternal safe

Buy Now
Questions 5

Which values are acceptable in the address field of an Account?

Options:

A.

It must be a Fully Qualified Domain Name (FQDN)

B.

It must be an IP address

C.

It must be NetBIOS name

D.

Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

Buy Now
Questions 6

Select the best practice for storing the Master CD.

Options:

A.

Copy the files to the Vault server and discard the CD

B.

Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD

C.

Store the CD in a secure location, such as a physical safe

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault

Buy Now
Questions 7

You have been asked to delegate the rights to unlock users to Tier 1 support. The Tier 1 support team already has an LDAP group for its members.

Arrange the steps to do this in the correct sequence.

PAM-DEF Question 7

Options:

Buy Now
Questions 8

In your organization the “click to connect” button is not active by default.

How can this feature be activated?

Options:

A.

Policies > Master Policy > Allow EPV transparent connections > Inactive

B.

Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

C.

Policies > Master Policy > Allow EPV transparent connections > Active

D.

Policies > Master Policy > Password Management

Buy Now
Questions 9

You are logging into CyberArk as the Master user to recover an orphaned safe.

Which items are required to log in as Master?

Options:

A.

Master CD, Master Password, console access to the Vault server, Private Ark Client

B.

Operator CD, Master Password, console access to the PVWA server, PVWA access

C.

Operator CD, Master Password, console access to the Vault server, Recover.exe

D.

Master CD, Master Password, console access to the PVWA server, Recover.exe

Buy Now
Questions 10

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Buy Now
Questions 11

What is required to enable access over SSH to a Unix account through both PSM and PSMP?

Options:

A.

The platform must contain connection components for PSM-SSH and PSMP-SSH.

B.

PSM and PSMP must already have stored the SSH Fingerprint for the Unix host.

C.

The 'Enable PSMP' setting in the Unix platform must be set to Yes.

D.

A duplicate platform (Called) with the PSMP settings must be created.

Buy Now
Questions 12

Accounts Discovery allows secure connections to domain controllers.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 13

You are configuring a Vault HA cluster.

Which file should you check to confirm the correct drives have been assigned for the location of the Quorum and Safes data disks?

Options:

A.

ClusterVault.ini

B.

my.ini

C.

vault.ini

D.

DBParm.ini

Buy Now
Questions 14

In addition to add accounts and update account contents, which additional permission on the safe is required to add a single account?

Options:

A.

Upload Accounts Properties

B.

Rename Accounts

C.

Update Account Properties

D.

Manage Safe

Buy Now
Questions 15

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

Options:

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Buy Now
Questions 16

Which of these accounts onboarding methods is considered proactive?

Options:

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Buy Now
Questions 17

Which report could show all accounts that are past their expiration dates?

Options:

A.

Privileged Account Compliance Status report

B.

Activity log

C.

Privileged Account Inventory report

D.

Application Inventory report

Buy Now
Questions 18

Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Buy Now
Questions 19

You need to enable the PSM for all platforms.

Where do you perform this task?

Options:

A.

Platform Management > (Platform) > UI & Workflows

B.

Master Policy > Session Management

C.

Master Policy > Privileged Access Workflows

D.

Administration > Options > Connection Components

Buy Now
Questions 20

You created a new safe and need to ensure the user group cannot see the password, but can connect through the PSM.

Which safe permissions must you grant to the group? (Choose two.)

Options:

A.

List Accounts Most Voted

B.

Use Accounts Most Voted

C.

Access Safe without Confirmation

D.

Retrieve Files

E.

Confirm Request

Buy Now
Questions 21

Which change could CyberArk make to the REST API that could cause existing scripts to fail?

Options:

A.

adding optional parameters in the request

B.

adding additional REST methods

C.

removing parameters

D.

returning additional values in the response

Buy Now
Questions 22

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Options:

A.

True

B.

False

Buy Now
Questions 23

A Reconcile Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 24

Match each component to its respective Log File location.

PAM-DEF Question 24

Options:

Buy Now
Questions 25

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 26

Within the Vault each password is encrypted by:

Options:

A.

the server key

B.

the recovery public key

C.

the recovery private key

D.

its own unique key

Buy Now
Questions 27

Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Options:

A.

Discovery and Audit (DMA)

B.

Auto Detection (AD)

C.

Export Vault Data (EVD)

D.

On Demand Privileges Manager (OPM)

E.

Accounts Discovery

Buy Now
Questions 28

PSM for Windows (previously known as “RDP Proxy”) supports connections to the following target systems

Options:

A.

Windows

B.

UNIX

C.

Oracle

D.

All of the above

Buy Now
Questions 29

When creating an onboarding rule, it will be executed upon .

Options:

A.

All accounts in the pending accounts list

B.

Any future accounts discovered by a discovery process

C.

Both “All accounts in the pending accounts list” and “Any future accounts discovered by a discovery process”

Buy Now
Questions 30

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 31

It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 32

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Activity Log

D.

Privileged Accounts CPM Status

Buy Now
Questions 33

When are external vault users and groups synchronized by default?

Options:

A.

They are synchronized once every 24 hours between 1 AM and 5 AM. Most Voted

B.

They are synchronized once every 24 hours between 7 PM and 12 AM.

C.

They are synchronized every 2 hours.

D.

They are not synchronized according to a specific schedule.

Buy Now
Questions 34

You have been asked to turn off the time access restrictions for a safe.

Where is this setting found?

Options:

A.

PrivateArk Client

B.

RestAPI

C.

PVWA

D.

Vault

Buy Now
Questions 35

An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?

Options:

A.

PSMAdminConnect

B.

Shadowuser

C.

PSMConnect

D.

Credentials stored in the Vault for the target machine

Buy Now
Questions 36

What are the minimum permissions to add multiple accounts from a file when using PVWA bulk-upload? (Choose three.)

Options:

A.

add accounts

B.

rename accounts

C.

update account content

D.

update account properties

E.

view safe members

F.

add safes

Buy Now
Questions 37

Match each key to its recommended storage location.

PAM-DEF Question 37

Options:

Buy Now
Questions 38

Which statement is true about setting the reconcile account at the platform level?

Options:

A.

This is the only way to enable automatic reconciliation of account passwords.

B.

CPM performance will be improved when the reconcile account is set at the platform level.

C.

A rule can be used to specify the reconcile account dynamically or a specific reconcile account can be selected.

D.

This configuration prevents the association from becoming broken if the reconcile account is moved to a different safe.

Buy Now
Questions 39

In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to “Fast Forward” within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.

What could be the cause?

Options:

A.

Recording is of a PSM for SSH session.

B.

The browser you are using is out of date and needs an update to be supported.

C.

You do not have the “View Audit” permission on the safe where the account is stored.

D.

You need to update the recorder settings in the platform to enable screen capture every 10000 ms or less.

Buy Now
Questions 40

Secure Connect provides the following. Choose all that apply.

Options:

A.

PSM connections to target devices that are not managed by CyberArk.

B.

Session Recording

C.

Real-time live session monitoring.

D.

PSM connections from a terminal without the need to login to the PVWA

Buy Now
Questions 41

Which user is automatically added to all Safes and cannot be removed?

Options:

A.

Auditor

B.

Administrator

C.

Master

D.

Operator

Buy Now
Questions 42

When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

Options:

A.

Any one person from that group

B.

Every person from that group

C.

The number of persons specified by the Master Policy

D.

That access cannot be granted to groups

Buy Now
Questions 43

Which methods can you use to add a user directly to the Vault Admin Group? (Choose three.)

Options:

A.

REST API

B.

PrivateArk Client

C.

PACLI

D.

PVWA

E.

Active Directory

F.

Sailpoint

Buy Now
Questions 44

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.

How do you accomplish this?

Options:

A.

Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

B.

Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording Most Voted

C.

Polices>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies

D.

Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies

Buy Now
Questions 45

What is the name of the Platform parameters that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

Options:

A.

Min Validity Period

B.

Interval

C.

Immediate Interval

D.

Timeout

Buy Now
Questions 46

What can you do to ensure each component server is operational?

Options:

A.

Logon to PVWA with v10 UI, navigate to Healthcheck, and validate each component server is connected to the Vault.

B.

Ping each component server to ensure connectivity.

C.

Use the PrivateArk client to connect to the Vault server and validate all the services are running.

D.

Install the Vault Server interface on a remote machine to avoid interactive logon to the Vault OS and review the ITALog.log through the Vault Server interface.

Buy Now
Questions 47

A Logon Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 48

The Accounts Feed contains:

Options:

A.

Accounts that were discovered by CyberArk in the last 30 days

B.

Accounts that were discovered by CyberArk that have not yet been onboarded

C.

All accounts added to the vault in the last 30 days

D.

All users added to CyberArk in the last 30 days

Buy Now
Questions 49

The Active Directory User configured for Windows Discovery needs which permission(s) or membership?

Options:

A.

Member of Domain Admin Group

B.

Member of LDAP Admin Group

C.

Read and Write Permissions

D.

Read Only Permissions

Buy Now
Questions 50

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Options:

A.

on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

B.

on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Buy Now
Questions 51

It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 52

What is the purpose of the HeadStartlnterval setting m a platform?

Options:

A.

It determines how far in advance audit data is collected tor reports

B.

It instructs the CPM to initiate the password change process X number of days before expiration.

C.

It instructs the AIM Provider to ‘skip the cache' during the defined time period

D.

It alerts users of upcoming password changes x number of days before expiration.

Buy Now
Questions 53

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account’s password the Central Policy Manager (CPM) will:

Options:

A.

ignore the logon account and attempt to log in as root

B.

prompt the end user with a dialog box asking for the login account to use

C.

log in first with the logon account, then run the SU command to log in as root using the password in the Vault

D.

none of these

Buy Now
Questions 54

Match each permission to where it can be found.

PAM-DEF Question 54

Options:

Buy Now
Questions 55

PSM captures a record of each command that was executed in Unix.

Options:

A.

TRIE

B.

FALSE

Buy Now
Questions 56

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Options:

A.

Require dual control password access Approval

B.

Enforce check-in/check-out exclusive access

C.

Enforce one-time password access

D.

Enforce check-in/check-out exclusive access & Enforce one-time password access

Buy Now
Questions 57

dbparm.ini is the main configuration file for the Vault.

Options:

A.

True

B.

False

Buy Now
Questions 58

tsparm.ini is the main configuration file for the Vault.

Options:

A.

True

B.

False

Buy Now
Questions 59

When managing SSH keys, the CPM stored the Private Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the private key can always be generated from the public key.

Buy Now
Questions 60

As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 61

You are creating a new Rest API user that utilizes CyberArk Authentication.

What is a correct process to provision this user?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

B.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add

C.

PVWA > User Provisioning > LDAP Integration > Add Mapping

D.

PVWA > User Provisioning > Users and Groups > New > User

Buy Now
Questions 62

A user with administrative privileges to the vault can only grant other users privileges that he himself has.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 63

You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events.

Where must you update the group to allow this?

Options:

A.

in the PTAAuthorizationGroups parameter, found in Administration > Options > PTA

B.

in the PTAAuthorizationGroups parameter, found in Administration > Options > General

C.

in the SecurityEventsAuthorizationGroups parameter, found in Administration > Security > Options

D.

in the SecurityEventsFeedAuthorizationGroups parameter, found in Administration > Options > General

Buy Now
Questions 64

What is the chief benefit of PSM?

Options:

A.

Privileged session isolation

B.

Automatic password management

C.

Privileged session recording

D.

‘Privileged session isolation’ and ‘Privileged session recording’

Buy Now
Questions 65

What is required to manage loosely connected devices?

Options:

A.

PSM for SSH

B.

EPM

C.

PSM

D.

PTA

Buy Now
Questions 66

Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

PAM-DEF Question 66

Options:

Buy Now
Questions 67

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Options:

A.

The heartbeat s no longer detected on the private network.

B.

The shared storage array is offline.

C.

An alert is generated in the Windows Event log.

D.

The Digital Vault Cluster does not detect a node failure.

Buy Now
Questions 68

Which file must be edited on the Vault to configure it to send data to PTA?

Options:

A.

dbparm.ini

B.

PARAgent.ini

C.

my.ini

D.

padr.ini

Buy Now
Questions 69

The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys.

How are these keys managed?

Options:

A.

CyberArk stores Private keys in the Vault and updates Public keys on target systems.

B.

CyberArk stores Public keys in the Vault and updates Private keys on target systems.

C.

CyberArk does not store Public or Private keys and instead uses a reconcile account to create keys on demand.

D.

CyberArk stores both Private and Public keys and can update target systems with either key.

Buy Now
Questions 70

Match the connection component to the corresponding OS/Function.

PAM-DEF Question 70

Options:

Buy Now
Questions 71

Which usage can be added as a service account platform?

Options:

A.

Kerberos Tokens

B.

IIS Application Pools

C.

PowerShell Libraries

D.

Loosely Connected Devices

Buy Now
Questions 72

A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

Options:

A.

createcredfile.exe

B.

cavaultmanager.exe

C.

PrivateArk

D.

PVWA

Buy Now
Exam Code: PAM-DEF
Exam Name: CyberArk Defender - PAM
Last Update: Dec 11, 2024
Questions: 239

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now PAM-DEF testing engine

PDF (Q&A)

$36.75  $104.99
buy now PAM-DEF pdf