CyberArk access-def practice test

Question 1

DRAG DROP
A user wants to install the CyberArk Identity mobile app by using a QR code.
Arrange the steps to do this in the correct sequence.

Question 2

Where can MFA filters be used? (Choose three.)

• A. User and Admin Portal login
• B. App level 2FA/MFA
• C. RADIUS
• D. Self-service password reset
• E. Editing personal profile attributes
• F. OAUTH2 connections

Question 3

Which 2FA/MFA options can be used if users cannot use their mobile device? (Choose two.)

• A. FID02
• B. Security questions
• C. OAUTH2
• D. QRcode
• E. Push notification app

Question 4

A user's account information required for multi-factor authentication is not set up properly and is
preventing the user from logging in.
What should you do?

• A. Use the MFA Unlock command in the Admin Portal to suspend multifactor authentication for 10 minutes.
• B. Delete the user's account and create a new one.
• C. Ask the user to delete all browser cookies, then try again.
• D. Change the user's director/ source from Active Directory to LDAP for authentication.

Question 5

Which statement is correct about the CyberArk Identity Windows Device Trust enrollment process?

• A. An enrollment code is optional.
• B. The endpoint does not need to be a domain-joined machine.
• C. You can define the maximum number of joinable endpoints.
• D. You can define the minimum number of joinable endpoints.

Question 6

ACME Corporation employees access critical business web applications through CyberArk Identity.
You notice a constant high volume of unauthorized traffic from 103.1.200.0/24 trying to gain access
to the CyberArk Identity portal. Access to the CyberArk Identity portal is time sensitive. ACME
decides to enforce IP restrictions to reduce vulnerability.
Which configuration can help achieve this?

• A. Login in to the CyberArk Identity Admin portal and define the IP range of 103 1 200 0/24 into the ACME Corporation IP range.
• B. Log in to the CyberArk Identity Admin portal and define the IP range of 103 1 200 0/24 into the blocked IP range.
• C. Implement device trust through the Windows Cloud Agent.
• D. Implement zero trust through the App Gateway.

Question 7

Refer to the exhibit.
Which statements are correct regarding this Authentication Policy? (Choose two.)

• A. Users will still be asked for their MFA even if they mistyped their username.
• B. If users have set up CyberArk Mobile Authenticator as an MFA, they will still receive the Push Notification to confirm the request even if they mistyped their password.
• C. Users will not be notified which challenge they failed if their login attempt failed.
• D. If users have set up a Security Question as an MFA, the Security Question will not be displayed to the user to answer even if they mistyped their password.
• E. If the first factor is password and the user is an Active Directory user and the Active Directory is unavailable, this setting does not matter because the user will not be able to authenticate through Active Directory credentials and will see the message "Active Directory not available".

Question 8

DRAG DROP
Your organization wants to automatically create user accounts with different Salesforce licenses (e.g.,
Salesforce, Identity, Chatter External).
In CyberArk Identity, arrange the steps to achieve this in the correct sequence.

Question 9

DRAG DROP
Match each User Portal tab to the correct description.

Question 10

Refer to the exhibit.
Within the "Allow user notifications on multiple devices", if you leave the setting as Default (--), what
happens if a user triggers a MFA Push notification and has enrolled three different devices?

• A. The push notification will be sent to none of the enrolled devices.
• B. The push notification will be sent to the first enrolled device only.
• C. The push notification will be sent to all enrolled devices.
• D. The push notification will be sent to the last enrolled device only.

Question 11

An organization previously allowed users to add their personal apps on the Identity User Portal. This
will soon be disabled due to policy changes.
What is the impact to the users for personal apps previously added to the User Portal?

• A. They will continue to function normally; however, users cannot add new apps.
• B. They will continue to display on the Apps screen and user devices; however, they will be greyed out and unavailable for any form of interaction.
• C. They will be deleted from the Apps screen and user devices.
• D. They will continue to display on the Apps screen and user devices; however, an error message will display when users try to open the application.

Question 12

Which protocols can CyberArk provide MFA for VPN? (Choose two.)

• A. SAML
• B. RADIUS
• C. IMAP
• D. TACACS
• E. LDAP

Question 13

Which device enrollment settings are valid? (Choose two.)

• A. Send notification on device enrollment
• B. Enable invite based enrollment
• C. Minimum number of devices a user can enroll
• D. Reassign the device to another user
• E. Permanently delete device

Question 14

What is considered an "Identity Provider Initiated" login to an application?

• A. After signing in to the CyberArk Identity portal, a user launches a SAML app by clicking an app tile.
• B. After visiting a third-party web app, a user is redirected to CyberArk Identity for authentication.
• C. A user visits a third party web app directly and signs in with local credentials.
• D. A user signs in to the CyberArk Identity portal and takes a screenshot of the portal to send to IT.

Question 15

CyberArk Identity's App Gateway can be used to protect and access which option?

• A. on-premises Oracle web app
• B. cloud-hosted Salesforce environment
• C. a corporate laptop
• D. a web browser