CAU302 Practice Exam Questions with Answers CyberArk Defender + Sentry Certification

1

2

3

4

In the Vault

On the target server

A & B

Nowhere because the public key can always be generated from the private key

firewall.ini

paragent.ini

dbparm.ini

padr.ini

True

False

Vault. CPM. PVWA. PSM

CPM, Vault. PSM. PVWA

Vault, CPM. PSM, PVWA

PVWA, Vault, CPM. PSM

True

False

Require dual control password access Approval

Enforce check-in/check-out exclusive access

Enforce one-time password access

Enforce check-in/check-out exclusive access & Enforce one-time password access

as many OUs as you wish

up to three OUs.

only one OU.

a number of OUs determined by the OUstoScan setting under the Accounts Feed section in the Administration tab

PrivateArk Client

A proprietary utility provided by the HSM Vendor

ChangeServerKeys.exe

CAVaultManager.exe

dbparm.ini

PARagent.ini

passparm.ini

Vault.ini

Administrator

Any member of Vault Admins

Any member of Auditors

Master

TRUE

FALSE

To improve performance by reducing CPU workload.

To prevent accidental use of a policy in the wrong safe.

To allow users to access only the passwords they should be able to access.

To enforce Least Privilege in CyberArk.

True

False

Master

Administrator

Auditor

Backup

PSM (i.e., launching connections by clicking on the “Connect” button in the PVWA)

PSM for Windows (previously known as RDP Proxy)

PSM for SSH (previously known as PSM SSH Proxy)

All of the above

TRUE

FALSE

TRUE

FALSE

Suspected Credential Theft

Over-Pass-The-Hash

Golden Ticket

Unmanaged Privileged Access

PrivateArk Remote Control Agent

PrivateArk Server

CyberArk Event Notification Engine

CyberArk SNMP agent

TRUE

FALSE

Copy the files to the Vault server and discard the CD.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

Store the CD in a secure location, such as a physical safe.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder

(secured with NTFS permissions) on the vault.

HeadStartInterval

Interval

ImmediateInterval

The CPM does not change the password under this circumstance

The PSM software must be installed on the target server

PSM must be enabled in the Master Policy {either directly, or through exception).

PSMConnect must be added as a local user on the target server

RDP must be enabled on the target server

True

False

First, logon to the PrivateArk Client as Administrator and open the PVWAConfig safe. Retrieve and edit the PVConfiguration.xml file. Search for the PSMServer Name and update the ID of the server you want to rename Save the file and copy back to the PVWAConfig safe. Restart the "CyberArk Privileged Session Manager" service on the PSM server.

Login to the PVWA. then change the PSMServer ID in Administration. System Configuration. Options, Privileged Session Management. Configured PSM Servers Run an IISRESET on all PVWA servers.

First, login to the PVWA. browse to Administration. System Configuration. Options. Pnvileged Session Management. Configured PSM Servers and select the PSM Server you need to change from the list of servers In the properties pane, set the value of the ID property to the new Server ID. click Apply and OK. Next, edit the basic_psm.ini file located on the PSM server in the PSM root directory and update the PSMServerlD parameter with the new Ser

Options A and B above is the correct procedure

PSM

CPM

PVWA

AAM Credential Provider (previously known as AIM Credential Provider)

To test that CyberArk is storing accurate credentials for accounts.

To change the password of an account according to organizationally defined password rules.

To allow CyberArk to manage unknown or lost credentials.

To generate a new complex password.

Reduced risk of credential theft

More frequent password changes

Non-repudiation (individual accountability)

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Password Expiration Date

Dual Control

Password Complexity

Require Access Reason

Executes password changes.

Makes vault data accessible to components.

Maintains vault metadata.

Sends email alert from the Vault

Vault.ini

dbparm.ini

pvwa.ini

Satellite.ini

Yes

No

PSMConnect

PSMMaster

PSMGwUser

PSMAdminConnect

Yes, but the administrator can only modify the firewall rules by editing the dbparm.ini file and the restarting the vault

Yes, the administrator can still modify Firewall rules via the Windows Firewall interface

No, the Vault does not permit any changes to the Firewall due to security requirements

Yes, but the administrator can only modify the firewall rules by editing the FirewallRuIes mi file and the restarting the vault

IIS web services role

HTML5 Gateway

Provider

Remote Desktop Services

TRUE

FALSE

To control how often the CPM looks for system-initiated CPM work

To control how often the CPM looks for user-initiated CPM work

To control how long the CPM rests between password changes

To control the maximum amount of time the CPM will wait for a password change to complete

Define a DNS server.

Define a WINS server.

Define the local hosts file.

The Vault cannot resolve host names due to security standards.

Define a DNS server

Define a WINS server

Defining the local hosts file

The Vault cannot resolve host names due to security standards

sends email messages from the vault.

sends email messages from the CPM.

processes audit reports.

make vault data available to components

Activity log

Privileged Account Inventory report

Privileged Account Compliance Status report

Applications Inventory report

createcredfile.exe

cavaultmanager.exe

PrivateArk

PVWA

TRUE.

FALSE

A single CPM cannot accommodate the total number of accounts managed

Accounts are managed in multiple sites or VLANs protected by firewall

Reduce network traffic across WAN links

Provide load balancing capabilities when managing passwords on target devices

PVWAMonitor

PVWAUsers

Auditors

Vault Admins

True

False

Configure the Provider to change the password to match the Vault’s Password

Associate a reconcile account and configure the platform to reconcile automatically

Associate a logon account and configure the platform to reconcile automatically

Run the correct auto detection process to rediscover the password

True, this is the default behavior.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file.

True, if the AllowFailback setting is set to “yes” in the padr.ini file.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file.

It determines how far in advance audit data is collected for reports.

It instructs the CPM to initiate the password change process certain number of days before expiration.

It instructs the AIM provider to 'skip the cache' during the defined time period.

It alerts users of upcoming password changes a certain number of days before expiration.

TRUE

FALSE

Maintains Vault metadata.

Communicates with components.

Sends email alerts from the vault ID.

Executes password changes

To test that CyberArk is storing accurate credentials for accounts

To change the password of an account according to organizationally defined password rules

To allow CyberArk to manage unknown or lost credentials

To generate a new complex password

PrivateArk Server

PrivateArk Remote Control Agent

PrivateArk Database

CyberArk Hardened Windows Firewall

PVWA > Platform Management > LDAP Integration

PVWA > Administration > LDAP Integration

PVWA > Administration > Options > LDAP Integration

PVWA > LDAP Integration

dbparm.ini

PARagent.ini

ENEConf.ini

padre.ini

TRUE

FALSE

IIS Web Services Role

HTML5 Gateway

Provider

Remote Desktop Services

Yes, a Vault administrator can modify the Audit log

No, the audit trail is tamper proof and cannot be edited, not even by Master

Yes, but only the Master user can modify the Audit log

Yes, a Vault administrator can edit the Audit log but only with explicit permission from CyberArk

True

False

True

False, the PSM Gateway must be installed on a separate Windows machine

Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini

User must provide the correct master password

Logon requires the Recovery Private Key to be accessible to the vault

Logon must satisfy a challange response request

True

False

TRUE

FALSE

Cluster Vault Manager and PrivateArk Database

Cluster Vault Manager, PrivateArk Database and Remote Control Agent

Cluster Vault Manager

Cluster Vault Manager and Remote Control Agent