Weekend Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

CyberArk PAM-CDE-RECERT Dumps

Page: 1 / 21
Total 207 questions
Get PAM-CDE-RECERT Full Access Download PAM-CDE-RECERT PDF

CyberArk CDE Recertification Questions and Answers

Question 1

What is the maximum number of levels of authorization you can set up in Dual Control?

Options:

A.

1

B.

2

C.

3

D.

4

Question 2

What is the purpose of the PrivateArk Server service?

Options:

A.

Executes password changes

B.

Maintains Vault metadata

C.

Makes Vault data accessible to components

D.

Sends email alerts from the Vault

Question 3

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

Options:

A.

Store the CD in a physical safe and mount the CD every time Vault maintenance is performed

B.

Copy the entire contents of the CD to the system Safe on the Vault

C.

Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions

D.

Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions

Question 4

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

Options:

A.

True; this is the default behavior

B.

False; this is not possible

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file

D.

True, if the AllowFailback setting is set to “yes” in the dbparm.ini file

Question 5

Which report provides a list of account stored in the vault.

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Entitlement Report

D.

Active Log

Question 6

Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

Options:

A.

TRUE

B.

FALSE

Question 7

What is the purpose of the Immediate Interval setting in a CPM policy?

Options:

A.

To control how often the CPM looks for System Initiated CPM work.

B.

To control how often the CPM looks for User Initiated CPM work.

C.

To control how often the CPM rests between password changes.

D.

To Control the maximum amount of time the CPM will wait for a password change to complete.

Question 8

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Options:

A.

TRUE

B.

FALSE

Question 9

In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA Hardening.ps1 perform when run?

Options:

A.

Performs IIS hardening: Imports the CyberArk INF configuration

B.

Performs IIS hardening: Configures all group policy settings

C.

Performs IIS hardening: Renames the local Administrator Account

D.

Configures Windows Firewall: Removes all installation files.

Question 10

What is the purpose of the HeadStartlnterval setting m a platform?

Options:

A.

It determines how far in advance audit data is collected tor reports

B.

It instructs the CPM to initiate the password change process X number of days before expiration.

C.

It instructs the AIM Provider to ‘skip the cache' during the defined time period

D.

It alerts users of upcoming password changes x number of days before expiration.

Question 11

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Options:

A.

True

B.

False, a user can submit the request after the connection has already been initiated via the PSM for Windows

Question 12

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Question 13

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

Options:

A.

PSM-SSH Connection Component

B.

UnixPrompts.ini

C.

UnixProcess.ini

D.

PSM-RDP Connection Component

Question 14

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

Options:

A.

PSMConnect

B.

PSMMaster

C.

PSMGwUser

D.

PSMAdminConnect

Question 15

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:

A.

Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.

C.

In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.

Question 16

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Options:

A.

Auditors

B.

Vault Admin

C.

DR Users

D.

Operators

Question 17

By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

Options:

A.

Vault Admins

B.

Security Admins

C.

Security Operators

D.

Auditors

Question 18

Which user(s) can access all passwords in the Vault?

Options:

A.

Administrator

B.

Any member of Vault administrators

C.

Any member of auditors

D.

Master

Question 19

Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Options:

A.

The Master Policy

B.

The Platform settings

C.

The Safe settings

D.

The Account Details

Question 20

Which is the primary purpose of exclusive accounts?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Question 21

Which one the following reports is NOT generated by using the PVWA?

Options:

A.

Accounts Inventory

B.

Application Inventory

C.

Sales List

D.

Convince Status

Question 22

The password upload utility must run from the CPM server

Options:

A.

TRUE

B.

FALSE

Question 23

How does the Vault administrator apply a new license file?

Options:

A.

Upload the license.xml file to the system Safe and restart the PrivateArk Server service

B.

Upload the license.xml file to the system Safe

C.

Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service

D.

Upload the license.xml file to the Vault Internal Safe

Question 24

What is the purpose of the CyberArk Event Notification Engine service?

Options:

A.

It sends email messages from the Central Policy Manager (CPM)

B.

It sends email messages from the Vault

C.

It processes audit report messages

D.

It makes Vault data available to components

Question 25

For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

as

Options:

Question 26

In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA?

Options:

A.

PVWAMonitor

B.

ReportUsers

C.

PVWAReports

D.

Operators

Question 27

A Reconcile Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Question 28

What is the easiest way to duplicate an existing platform?

Options:

A.

From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.

B.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

C.

From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.

D.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.

Question 29

A Logon Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Question 30

Which of the following logs contains information about errors related to PTA?

Options:

A.

ITAlog.log

B.

diamond.log

C.

pm_error.log

D.

WebApplication.log

Question 31

To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes.

Which configuration is correct?

Options:

A.

Require privileged session monitoring and isolation = inactive; Record and save session activity = active.

B.

Require privileged session monitoring and isolation = inactive; Record and save session activity = inactive.

C.

Require privileged session monitoring and isolation = active; Record and save session activity = active.

D.

Require privileged session monitoring and isolation = active; Record and save session activity = inactive.

Load More PAM-CDE-RECERT Questions
Page: 1 / 21
Total 207 questions
Get PAM-CDE-RECERT Full Access Download PAM-CDE-RECERT PDF