CyberArk pam-def practice test

Question 1

DRAG DROP

Match each component to its respective Log File location.

Question 2

Which statement about the Master Policy best describes the differences between one-time password and exclusive access functionality?

• A. Exclusive access means that only a specific group of users may use the account. After an account on a one-time password platform is used, the account is deleted from the safe automatically.
• B. Exclusive access locks the account indefinitely. One-time password can be used replace invalid account passwords.
• C. Exclusive access is enabled by default in the Master Policy. One-time password should only be enabled for emergencies.
• D. Exclusive access allows only one person to check-out an account at a time. One-time password schedules an account for a password change after the MinValidityPeriod period expires.

Question 3

What are common ways that organizations leverage the CyberArk Blueprint for Identity Security Success? (Choose three.)

• A. to understand the identity attack chain
• B. to discover all digital identities
• C. to describe the explicit order of operations for Identity Security
• D. to assess an organizations security posture
• E. to build an Identity Security roadmap
• F. to secure their human identities

Question 4

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.
How do you accomplish this?

• A. Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies
• B. Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording
• C. Polices>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies
• D. Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies

Question 5

Which accounts can be selected for use in the Windows discovery process? (Choose two.)

• A. an account stored in the Vault
• B. an account specified by the user
• C. the Vault Administrator
• D. any user with Auditor membership
• E. the PasswordManager user

Question 6

Which dependent accounts does the CPM support out-of-the-box? (Choose three.)

• A. Solaris Configuration file
• B. Windows Services
• C. Windows Scheduled Tasks
• D. Windows DCOM Applications
• E. Windows Registry
• F. Key Tab file

Question 7

You want to generate a license capacity report.

Which tool accomplishes this?

• A. Password Vault Web Access
• B. PrivateArk Client
• C. DiagnoseDB Report
• D. RestAPI

Question 8

Which processes reduce the risk of credential theft? (Choose two.)

• A. require dual control password access approval
• B. require password change every X days
• C. enforce check-in/check-out exclusive access
• D. enforce one-time password access

Question 9

Where can reconcile and/or logon accounts be linked to an account? (Choose two.)

• A. account settings
• B. platform settings
• C. master policy
• D. safe settings
• E. service account settings

Question 10

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

• A. Export Vault Data
• B. Export Vault Information
• C. PrivateArk Client
• D. Privileged Threat Analytics