Latest CyberArk PAM-DEF-SEN Exam Dumps Questions [2022] For Learning

Eleanor2024-10-14T15:37:18+00:00

By Eleanor CyberArk

PAM-DEF-SEN CyberArk Defender – PAM & Sentry – PAM certification exam, previously known as the CAU302 exam, is for candidates to demonstrate competency in maintaining day-to-day operations and support the ongoing performance of the CyberArk Privileged Access Management Solution. Latest CyberArk PAM-DEF-SEN exam dumps questions are available online for your learning. The PAM-DEF-SEN exam dumps are accessible to direct you in the perfect manner. The ones keen on passing the PAM-DEF-SEN CyberArk Defender – PAM & Sentry – PAM exam, possess a deliberate methodology and they are able to do it by observing the guidelines. Just choose the latest PAM-DEF-SEN exam dumps questions as your preparation materials.

Read CyberArk PAM-DEF-SEN FREE Dumps Below

Page 1 of 9

1. PSM captures a record of each command that was issues in SQL Plus.

TRUE

FALSE

2. The following applications are pre-configured to work with PSM. but first need to be installed on the PSM server.

SQL Plus

Putty

RDP

WinSCP

Toad

VMWare vSphere Client

Microsoft SQL Management Studio

3. Which file is used to configure the ENE service?

ini

ENEConfig.ini

dbparm.ini

paragent.ini

4. Any user can monitor live sessions in real time when users initiate RDP connection via Secure Connect through PSM?

TRUE

FALSE

5. Which of the following logs contain information about errors related to PTA?

ITAlog.log

diamond.log

pm_error.log

WebApplication.log

6. Time of day of week restrictions on when password changes can occur are configured in ________________.

The Master Policy

The Platform settings

The Safe settings

The Account Details

7. The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a “Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry.

The PSM Component Server is configured as defined in PAS Installation Guide.

The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed and must be rebuilt.

The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed. Hardening procedures must be applied manually to the existing configuration.

The PSM Component Server has been installed correctly but PVWA Hardening procedures have not been followed. Hardening procedures can be applied via the Installation Automation script or manually to the existing configuration.

8. Which one of the following reports is NOT generated by using the PVWA?

Accounts Inventory

Application Inventory

Active/Non-Active Users

Compliance Status

9. In a Disaster Recovery (DR) environment, which of the following should NEVER be configured for automatic failover due to the possibility of split-brain phenomenon?

Password Vault Web Access (PVWA)

PSM

CPM

PTA

10. In accordance with best practice. SSH access is denied for root accounts on UNIX/LINUX systems.

What is the BEST way to allow CPM to manage root accounts?

Create a privileged account on the target server Allow this account the ability to SSH directly from the CPM machine Configure this account as the Reconcile account of the target server's root account.

Create a non-privileged account on the target server Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account

Configure the Unix system to allow SSH logins.

Configure the CPM to allow SSH logins

Page 2 of 9

11. Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the domain controller during LDAP/S integration?

PVWA > Platform Management > LDAP Integration

PVWA > Administration > LDAP Integration

PVWA > Administration > Options > LDAP Integration

PVWA > LDAP Integration

12. Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

TRUE

FALSE

13. When managing SSH keys, the CPM stores the Public Key ________________.

In the Vault

On the target server

A & B

Nowhere because the public key can always be generated from the private key

14. You are successfully managing passwords in the alpha.cyberark com domain; however when you attempt to manage a password in the beta.cyberark.com domain, you receive the 'network path not found* error.

What should you check first?

That the username and password are correct.

That the CPM can successfully resolve addresses in the beta cyberark com domain

That the end user has the correct permissions on the safe

That an appropriate trust relationship exists between alphaxyberark.com and beta.cyberark.com

15. What is the purpose of EVD?

To extract vault metadata into an open database platform.

To allow editing of vault metadata.

To create a backup of the MySQL database.

To extract audit data from the vault.

16. The System safe allows access to the Vault configuration files.

TRUE

FALSE

17. Which service should NOT be running on the DR Vault when the primary Production Vault is up?

PrivateArk Database

PrivateArk Server

CyberArk Vault Disaster Recovery (DR) service

CyberArk Logical Container

18. Which keys are required to be present in order to start the PrivateArk Server Service? Select all that apply.

Server Key

Recovery Public Key

Recovery Private Key

Safe Key

19. Accounts Discovery allows secure connections to domain controllers.

TRU

FALSE

20. Which of the following are prerequisites for installing PVWA Check all that Apply

Web Services Role

NET 4.5.1 Framework Feature

Remote Desktop Services Role

Windows BitLocker

Page 3 of 9

21. What is the purpose of the Allowed Safes parameter in a CPM policy? Select all that apply.

To improve performance by reducing CPU workload.

To prevent accidental use of a policy in the wrong safe.

To allow users to access only the passwords they should be able to access.

To enforce Least Privilege in CyberArk.

22. An auditor initiates a LIVE monitoring session to PSM server to view an ongoing LIVE session.

When the auditor’s machine makes an RDP connection the PSM server, which user will be used?

PSMAdminConnect

Shadowuser

PSMConnect

Credentials Stored in the Vault for the Target Machine

23. Which combination of safe member permissions will allow End Users to log in to a remote machine transparently but NOT show or copy the password?

Use Accounts, Retrieve Accounts, List Accounts

Use Accounts, List Accounts

Use Accounts

List Accounts, Retrieve Accounts

24. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.)

Use Accounts

Retrieve Accounts

List Accounts

Authorize Password Requests

Access Safe without Authorization

25. What is the purpose of the password verify process?

To test that CyberArk is storing accurate credentials for accounts.

To change the password of an account according to organizationally defined password rules.

To allow CyberArk to manage unknown or lost credentials.

To generate a new complex password.

26. A SIEM integration allows you to forward ITALOG records to a monitoring solution.

TRUE

FALSE

27. Which credentials does CyberArk use when managing a target account?

Those of the service account for the CyberArk Password Manager service

A Domain Administrator account created for this purpose

The credentials of the target account

An account assigned by the Master Policy

28. According to the default web options settings, which group grants access to the reports page?

PVWAMonitor

PVWAUsers

Auditors

Vault administrators

29. If a transparent user belongs two different directory mappings, how does the system determine which user template to use?

The system will use the template for the mapping listed first.

The system will use the template for the mapping listed last.

The system will grant all of the vault authorizations from the two templates.

The system will grant only the vault authorizations that are listed in both templates.

30. Which of these accounts onboarding methods is considered proactive?

Accounts Discovery

Detecting accounts with PTA

A Rest API integration with account provisioning software

A DNA scan

Page 4 of 9

31. It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

TRUE

FALSE

32. The Vault server requires WINS services to work properly.

True

False

33. What is the purpose of the Interval setting in a CPM policy?

To control how often the CPM looks for System Initiated CPM work

To control how often the CPM looks for User Initiated CPM work.

To control how long the CPM rests between password changes

To control the maximum amount of time the CPM will wait for a password change to complete

34. When working with the CyberArk Disaster Recovery (DR) solution, which services should be running on the DR Vault?

CyberArk Vault Disaster Recovery (DR), PrivateArk Database

CyberArk Vault Disaster Recovery

CyberArk Vault Disaster Recovery, PrivateArk Database, PrivateArk Server

CyberArk Vault Disaster Recovery, PrivateArk Database, CyberArk Event Notification Engine

35. A safe was recently created by a user who is a member of the LDAP Vault Administrators group.

Which of the following users does not have access to the newly created safe by default?

Master

Administrator

Auditor

Backup

36. One of your users is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign in to the pvwa.

Which utility would you use to correct this problem?

createcredfile.exe

cavaultmanager.exe

PrivateArk

PVWA

37. DRAG DROP

Match the log file name with the CyberArk Component that generates the log.

38. Which utility can be used to copy a server key to an HSM?

PrivateArk Client

A proprietary utility provided by the HSM Vendor

ChangeServerKeys.exe

CAVaultManager.exe

39. What are the functions of the Remote Control Agent service? (Choose all that apply.)

Allows remote monitoring of the Vault

Sends SNMP traps from the Vault

Maintains audit data

Allows CyberArk Services to be managed (start/stop/status) remotely

40. Is it possible to modify the CyberArk Vault Audit Log?

Yes, a Vault administrator can modify the Audit log

No, the audit trail is tamper proof and cannot be edited, not even by Master

Yes, but only the Master user can modify the Audit log

Yes, a Vault administrator can edit the Audit log but only with explicit permission from CyberArk

Page 5 of 9

41. Which Master Policy?

Password Expiration Time

Enabling and Disabling of the Connection Through the PSM

Password Complexity

The use of "One-Time-Passwords"

42. The Vault Internal safe contains all of the configuration for the vault.

TRUE

FALSE

43. What is the primary purpose of Exclusive Accounts?

Reduced risk of credential theft

More frequent password changes

Non-repudiation (individual accountability)

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

44. To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults.

Which file needs to be changed on the PVWA to enable this setup?

Vault.ini

dbparm.ini

pvwa.ini

Satellite.ini

45. When the PSM Gateway (also known as the HTML5 ( End Point in order to launch connections via the PSM

True

False, when the PSM Gateway is implemented, the user only requires a browser in order launch a connection via the PSM

46. A logon account can be specified in the platform settings.

True

False

47. Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply

The PSM software must be installed on the target server

PSM must be enabled in the Master Policy {either directly, or through exception).

PSMConnect must be added as a local user on the target server

RDP must be enabled on the target server

48. Which of the following is NOT a use case for installing multiple CPMS?

A single CPM cannot accommodate the total number of accounts managed

Accounts are managed in multiple sites or VLANs protected by firewall

Reduce network traffic across WAN links

Provide load balancing capabilities when managing passwords on target devices

49. Auto-Detection can be configured to leverage LDAP/S.

TRUE

FALSE

50. A Reconcile Account can be specified in the Master Policy.

TRUE

FALSE

Page 6 of 9

51. Which utilities could you use to change debugging levels on the vault without having to restart the vault Select all that apply.

PAR Agent

PrivateArk Server Central Administration

Edit DBParm.ini in a text editor.

Setup exe

52. What is the proper way to allow the Vault to resolve host names?

Define a DNS server.

Define a WINS server.

Define the local hosts file.

The Vault cannot resolve host names due to security standards.

53. It is possible to control the hours of the day during which a safe may be used.

TRUE

FALSE

54. The Application Inventory report is related to AIM.

TRUE

FALSE

55. What is the chief benefit of PSM?

Privileged session isolation

Automatic password management

Privileged session recording

Privileged session isolation and privileged session recording

56. What is the primary purpose of Dual Control?

Reduced risk of credential theft

More frequent password changes

Non-repudiation (individual accountability)

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

57. Which of the following sends out Simple Network Management Protocol (SNMP) traps?

PrivateArk Remote Control Agent

PrivateArk Server

CyberArk Event Notification Engine

CyberArk SNMP agent

58. Which is the correct order of installation for PAS components?

Vault. CP

PVW

PSM

CPM, Vault. PS

PVWA

Vault, CP

PSM, PVWA

PVWA, Vault, CP

PSM

59. A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.

What is the issue?

The user must login as PSMAdminConnect.

The PSM service is not running.

The user is not a member of the PVWAMonitor group.

The user is not a member of the Auditors group.

60. What is the proper way to allow the Vault to resolve host names?

Define a DNS server

Define a WINS server

Defining the local hosts file

The Vault cannot resolve host names due to security standards

Page 7 of 9

61. A SIEM integration allows you to forward audit records to a monitoring solution.

TRUE

FALSE

62. What is the purpose of the password Reconcile process?

To test that CyberArk is storing accurate credentials for accounts.

To change the password of an account according to organizationally defined password rules.

To allow CyberArk to manage unknown or lost credentials.

To generate a new complex password.

63. Name two ways of viewing the ITAlog:

Log into the vault locally and navigate to the Server folder under the PrivateArk install location.

Log into the PVWA and go to the Reports tab.

Access the System Safe from the PrivateArk client.

Go to the Thirdpary log directory on the CPM

64. The Vault supports multiple instances of the following components Choose all that Apply

PVWA

CPM

PSM

AIM Provider

65. Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

Suspected Credential Theft

Over-Pass-The-Hash

Golden Ticket

Unmanaged Privileged Access

66. Which is the purpose of the HeadStartInterval setting in a platform?

It determines how far in advance audit data is collected for reports.

It instructs the CPM to initiate the password change process certain number of days before expiration.

It instructs the AIM provider to 'skip the cache' during the defined time period.

It alerts users of upcoming password changes a certain number of days before expiration.

67. What is the purpose of the CyberArk Event Notification Engine service.

It sends email messages from the CPM

It sends email messages from the Vault.

It processes audit report messages

It makes vault data available to components.

68. What is the purpose of the password Change process?

To test that CyberArk is storing accurate credentials for accounts

To change the password of an account according to organizationally defined password rules

To allow CyberArk to manage unknown or lost credentials

To generate a new complex password

69. Which file is used to configure new firewall rules on the Vault?

firewall.ini

PARagent.ini

dbparm.ini

padr.ini

70. When managing SSH keys. CPM automatically pushes the Public Key to the target system.

TRUE

FALSE

Page 8 of 9

71. When a group is granted the ‘Authorize Account Requests’ permission on a safe Dual Control requests must be approved by:

Any one person from that group

Every person from that group

The number of persons specified by the Master Policy

That access cannot be granted to groups

72. It is possible to restrict the time of day. or day of week that a verify process can occur

TRUE

FALSE

73. You have associated a logon account to one of your UNIX root accounts in the vault When attempting to verify the root account's password the CPM will...

Ignore the logon account and attempt to log in as root.

Prompt the end user with a dialog box asking for the login account to use.

None of these.

74. In Accounts Discovery, you can configure a Windows discovery to scan______________.

as many OUs as you wish

up to three OUs.

only one O

a number of OUs determined by the OUstoScan setting under the Accounts Feed section in the Administration tab

75. Which service should NOT be running on the DR Vault when the primary production Vault is up?

PrivateArk Database

PrivateArk Server

CyberArk Vault Disaster Recovery Service

CyberArk Logical Container

76. Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests?

HeadStartInterval

Interval

ImmediateInterval

The CPM does not change the password under this circumstance

77. Which of the Following can be configured in the Master Policy? Choose all that apply

Dual Control

One Time Passwords

Exclusive Passwords

Password Reconciliation

Ticketing Integration

Required Properties

Custom Connection Components

Password Aging Rules

78. What is the purpose of a password group?

To ensure that a particular collection of accounts all have the same password

To ensure a particular set of accounts all change at the same time

To connect the CPM to a target system

To allow more than one account to work together as part of a password management process

79. PSM captures a record of each command that was executed in Unix.

TRUE

FALSE

80. Multiple PVWA servers provide automatic load balancing.

TRUE

FALSE

Page 9 of 9

81. The Vault does not support dual factor authentication.

True

False

82. Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Accounts Discovery

Auto Detection

Onboarding RestAPI functions

PTA Rules

83. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to UnixAdmins? Check all that apply

Use Accounts

Retrieve Accounts

List Accounts

Authorize Password Requests

Access Safe without Authorization

84. What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

MinValidityPeriod

Interval

Immediatelnterval

Timeout

85. One can create exceptions to the Master Policy based on_________.

Safes

Platforms

Policies

Accounts

86. When creating an onboarding rule, it will be executed upon.

All accounts in the pending accounts list.

Any future accounts discovered by a discovery process.

All accounts in the pending accounts list and any future accounts discovered by a discovery process.

87. 1.To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers need to be configured to communicate with the Primary Vault and Satellite Vaults.

What file needs to be changed on the PVWA to enable this setup?

Vault.ini

dbparm.ini

pvwa.ini

Satellite.ini

88. tsparm.ini is the main configuration file for the vault.

TRUE

FALSE

89. In a Distributed Vaults environment, which of the following components will NOT be communicating with the Satellite Vaults?

AAM Credential Provider (previously known as AIM Credential Provider)

ExportVaultData utility

PAReplicate utility

Central Policy Manager

90. Access Control to passwords is implemented by ________________.

Virtual Authorizations

Safe Authorizations

Master Policy

Platform Settings

Latest CyberArk PAM-DEF-SEN Exam Dumps Questions [2022] For Learning

Latest CyberArk PAM-DEF-SEN Exam Dumps Questions [2022] For Learning

Read CyberArk PAM-DEF-SEN FREE Dumps Below

Share this post

Author

Related Posts