Cyber Monday Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

Practice Free CAU302 CyberArk Defender + Sentry Exam Questions Answers With Explanation

We at Crack4sure are committed to giving students who are preparing for the CyberArk CAU302 Exam the most current and reliable questions . To help people study, we've made some of our CyberArk Defender + Sentry exam materials available for free to everyone. You can take the Free CAU302 Practice Test as many times as you want. The answers to the practice questions are given, and each answer is explained.

Get Full 237 Questions Search Other CyberArk Exam
Question # 6

What is the maximum number of levels of authorizations you can set up in Dual Control?

A.

1

B.

2

C.

3

D.

4

Question # 7

When managing SSH keys, the CPM stores the Public Key ________________.

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the public key can always be generated from the private key

Question # 8

Which file is used to configure new firewall rules on the Vault?

A.

firewall.ini

B.

paragent.ini

C.

dbparm.ini

D.

padr.ini

Question # 9

In order to grant a permission to a user, and administrator MUST possess that permission.

A.

True

B.

False

Question # 10

Which is the correct order of installation for PAS components?

A.

Vault. CPM. PVWA. PSM

B.

CPM, Vault. PSM. PVWA

C.

Vault, CPM. PSM, PVWA

D.

PVWA, Vault, CPM. PSM

Question # 11

Two-factor authentication can be implemented by integrating the Vault with a RADIUS server configured to require PIN and token.

A.

True

B.

False

Question # 12

Which Master Policy Setting(s) must be active in order to have an account checked-out by one user for a predetermined amount of time?

A.

Require dual control password access Approval

B.

Enforce check-in/check-out exclusive access

C.

Enforce one-time password access

D.

Enforce check-in/check-out exclusive access & Enforce one-time password access

Question # 13

In Accounts Discovery, you can configure a Windows discovery to scan______________.

A.

as many OUs as you wish

B.

up to three OUs.

C.

only one OU.

D.

a number of OUs determined by the OUstoScan setting under the Accounts Feed section in the Administration tab

Question # 14

Which utility can be used to copy a server key to an HSM?

A.

PrivateArk Client

B.

A proprietary utility provided by the HSM Vendor

C.

ChangeServerKeys.exe

D.

CAVaultManager.exe

Question # 15

Which file is used to open up a non-standard Firewall port to the Vault?

A.

dbparm.ini

B.

PARagent.ini

C.

passparm.ini

D.

Vault.ini

Question # 16

Which user(s) can access all passwords in the vault

A.

Administrator

B.

Any member of Vault Admins

C.

Any member of Auditors

D.

Master

Question # 17

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.D18912E1457D5D1DDCBD40AB3BF70D5D

A.

TRUE

B.

FALSE

Question # 18

What is the purpose of the Allowed Safes parameter in a CPM policy? Select all that apply.

A.

To improve performance by reducing CPU workload.

B.

To prevent accidental use of a policy in the wrong safe.

C.

To allow users to access only the passwords they should be able to access.

D.

To enforce Least Privilege in CyberArk.

Question # 19

Accounts Discovery allows secure connections to domain controllers.

A.

True

B.

False

Question # 20

A safe was recently created by a user who is a member of the LDAP Vault Administrators group. Which of the

following users does not have access to the newly created safe by default?

A.

Master

B.

Administrator

C.

Auditor

D.

Backup

Question # 21

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

A.

PSM (i.e., launching connections by clicking on the “Connect” button in the PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM SSH Proxy)

D.

All of the above

Question # 22

The vault supports a number of dual factor authentication methods.

A.

TRUE

B.

FALSE

Question # 23

Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords.

A.

TRUE

B.

FALSE

Question # 24

Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

A.

Suspected Credential Theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged Privileged Access

Question # 25

Which of the following sends out Simple Network Management Protocol (SNMP) traps?

A.

PrivateArk Remote Control Agent

B.

PrivateArk Server

C.

CyberArk Event Notification Engine

D.

CyberArk SNMP agent

Question # 26

It is possible to restrict the time of day. or day of week that a change process can occur

A.

TRUE

B.

FALSE

Question # 27

Select the best practice for storing the Master CD.

A.

Copy the files to the Vault server and discard the CD.

B.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

C.

Store the CD in a secure location, such as a physical safe.

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder

(secured with NTFS permissions) on the vault.

Question # 28

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests?

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Question # 29

Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply

A.

The PSM software must be installed on the target server

B.

PSM must be enabled in the Master Policy {either directly, or through exception).

C.

PSMConnect must be added as a local user on the target server

D.

RDP must be enabled on the target server

Question # 30

Multiple Vault Servers can be load balanced.

A.

True

B.

False

Question # 31

A Vault Administrator wants to change the PSM Server ID to comply with a naming standard What is the process for changing the PSM Server ID?

A.

First, logon to the PrivateArk Client as Administrator and open the PVWAConfig safe. Retrieve and edit the PVConfiguration.xml file. Search for the PSMServer Name and update the ID of the server you want to rename Save the file and copy back to the PVWAConfig safe. Restart the "CyberArk Privileged Session Manager" service on the PSM server.

B.

Login to the PVWA. then change the PSMServer ID in Administration. System Configuration. Options, Privileged Session Management. Configured PSM Servers Run an IISRESET on all PVWA servers.

C.

First, login to the PVWA. browse to Administration. System Configuration. Options. Pnvileged Session Management. Configured PSM Servers and select the PSM Server you need to change from the list of servers In the properties pane, set the value of the ID property to the new Server ID. click Apply and OK. Next, edit the basic_psm.ini file located on the PSM server in the PSM root directory and update the PSMServerlD parameter with the new Ser

D.

Options A and B above is the correct procedure

Question # 32

CyberArk creates exceptions for Data Execution Prevention (DEP) on selected executable files. This is done as part of installing which of the following components?

A.

PSM

B.

CPM

C.

PVWA

D.

AAM Credential Provider (previously known as AIM Credential Provider)

Question # 33

What is the purpose of the password verify process?

A.

To test that CyberArk is storing accurate credentials for accounts.

B.

To change the password of an account according to organizationally defined password rules.

C.

To allow CyberArk to manage unknown or lost credentials.

D.

To generate a new complex password.

Question # 34

What is the primary purpose of Exclusive Accounts?

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Question # 35

Which of the following options is not set in the Master Policy?

A.

Password Expiration Date

B.

Dual Control

C.

Password Complexity

D.

Require Access Reason

Question # 36

What is the purpose of the PrivateArk Server service?

A.

Executes password changes.

B.

Makes vault data accessible to components.

C.

Maintains vault metadata.

D.

Sends email alert from the Vault

Question # 37

In version 10.7 the correct order of installation for components changed. Make the necessary corrections to the list below to show the new installation order.

Select and Place:

CAU302 question answer

Question # 38

To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults. Which file needs to be changed on the PVWA to enable this setup?

A.

Vault.ini

B.

dbparm.ini

C.

pvwa.ini

D.

Satellite.ini

Question # 39

Can ITALOG records be forwarded to the monitoring solution via Security Information and Event Management (SIEM) integration?

A.

Yes

B.

No

Question # 40

An Auditor needs to login to the PSM in order to live monitor an active session. Which User ID is used to establish the RDP connection to the PSM server?

A.

PSMConnect

B.

PSMMaster

C.

PSMGwUser

D.

PSMAdminConnect

Question # 41

After the Vault Server is installed, the Microsoft Windows Firewall is now commandeered by the Vault Can the administrator change these firewall rules?

A.

Yes, but the administrator can only modify the firewall rules by editing the dbparm.ini file and the restarting the vault

B.

Yes, the administrator can still modify Firewall rules via the Windows Firewall interface

C.

No, the Vault does not permit any changes to the Firewall due to security requirements

D.

Yes, but the administrator can only modify the firewall rules by editing the FirewallRuIes mi file and the restarting the vault

Question # 42

Which of the following is considered a prerequisite for installing PSM?

A.

IIS web services role

B.

HTML5 Gateway

C.

Provider

D.

Remote Desktop Services

Question # 43

An SNMP integration allows you to forward audit records from the vault to the SIEM.

A.

TRUE

B.

FALSE

Question # 44

Which is the purpose of the interval setting in a Central Policy Manager (CPM) policy?

A.

To control how often the CPM looks for system-initiated CPM work

B.

To control how often the CPM looks for user-initiated CPM work

C.

To control how long the CPM rests between password changes

D.

To control the maximum amount of time the CPM will wait for a password change to complete

Question # 45

What is the proper way to allow the Vault to resolve host names?

A.

Define a DNS server.

B.

Define a WINS server.

C.

Define the local hosts file.

D.

The Vault cannot resolve host names due to security standards.

Question # 46

What is the proper way to allow the Vault to resolve host names?

A.

Define a DNS server

B.

Define a WINS server

C.

Defining the local hosts file

D.

The Vault cannot resolve host names due to security standards

Question # 47

What is the purpose of the CyberArk Event Notification Engine service.

A.

sends email messages from the vault.

B.

sends email messages from the CPM.

C.

processes audit reports.

D.

make vault data available to components

Question # 48

Which report could show all accounts that are past their expiration dates?

A.

Activity log

B.

Privileged Account Inventory report

C.

Privileged Account Compliance Status report

D.

Applications Inventory report

Question # 49

One of your users is receiving the error message “ITATS006E Station is suspended for User jsmith” when

attempting to sign in to the pvwa. Which utility would you use to correct this problem?

A.

createcredfile.exe

B.

cavaultmanager.exe

C.

PrivateArk

D.

PVWA

Question # 50

Accounts Discovery allows secure connections to domain controllers.

A.

TRUE.

B.

FALSE

Question # 51

Which of the following is NOT a use case for installing multiple CPMS?

A.

A single CPM cannot accommodate the total number of accounts managed

B.

Accounts are managed in multiple sites or VLANs protected by firewall

C.

Reduce network traffic across WAN links

D.

Provide load balancing capabilities when managing passwords on target devices

Question # 52

Which Built-in group grants access to the ADMINISTRATION page?

A.

PVWAMonitor

B.

PVWAUsers

C.

Auditors

D.

Vault Admins

Question # 53

The Vault server requires WINS services to work properly.

A.

True

B.

False

Question # 54

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so

that the CPM could resume management automatically?

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Question # 55

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

A.

True, this is the default behavior.

B.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file.

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file.

D.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file.

Question # 56

Which is the purpose of the HeadStartInterval setting in a platform?

A.

It determines how far in advance audit data is collected for reports.

B.

It instructs the CPM to initiate the password change process certain number of days before expiration.

C.

It instructs the AIM provider to 'skip the cache' during the defined time period.

D.

It alerts users of upcoming password changes a certain number of days before expiration.

Question # 57

PSM captures a record of each command that was issues in SQL Plus.

A.

TRUE

B.

FALSE

Question # 58

What is the purpose of the PrivateArk Database service?

A.

Maintains Vault metadata.

B.

Communicates with components.

C.

Sends email alerts from the vault ID.

D.

Executes password changes

Question # 59

What is the purpose of the password Change process?

A.

To test that CyberArk is storing accurate credentials for accounts

B.

To change the password of an account according to organizationally defined password rules

C.

To allow CyberArk to manage unknown or lost credentials

D.

To generate a new complex password

Question # 60

Which service is optional on the Vault?

A.

PrivateArk Server

B.

PrivateArk Remote Control Agent

C.

PrivateArk Database

D.

CyberArk Hardened Windows Firewall

Question # 61

Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the domain controller during LDAP/S integration?

A.

PVWA > Platform Management > LDAP Integration

B.

PVWA > Administration > LDAP Integration

C.

PVWA > Administration > Options > LDAP Integration

D.

PVWA > LDAP Integration

Question # 62

Which file would you modify to configure your Vault Server to forward Activity Logs to a SIEM or SYSLOG server?

A.

dbparm.ini

B.

PARagent.ini

C.

ENEConf.ini

D.

padre.ini

Question # 63

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

A.

TRUE

B.

FALSE

Question # 64

Which of the following is considered a prerequiste for installing PSM?

A.

IIS Web Services Role

B.

HTML5 Gateway

C.

Provider

D.

Remote Desktop Services

Question # 65

Is it possible to modify the CyberArk Vault Audit Log?

A.

Yes, a Vault administrator can modify the Audit log

B.

No, the audit trail is tamper proof and cannot be edited, not even by Master

C.

Yes, but only the Master user can modify the Audit log

D.

Yes, a Vault administrator can edit the Audit log but only with explicit permission from CyberArk

Question # 66

A logon account can be specified in the platform settings.

A.

True

B.

False

Question # 67

The PSM Gateway (also known as the HTML5 Gateway) can be installed

A.

True

B.

False, the PSM Gateway must be installed on a separate Windows machine

Question # 68

What conditions must be met in order to log into the vault as the Master user? Select all that apply

A.

Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini

B.

User must provide the correct master password

C.

Logon requires the Recovery Private Key to be accessible to the vault

D.

Logon must satisfy a challange response request

Question # 69

The Vault does not support dual factor authentication.

A.

True

B.

False

Question # 70

Multiple PVWA servers provide automatic load balancing.

A.

TRUE

B.

FALSE

Question # 71

When working with the CyberArk High Availability Cluster, which services are running on the passive node?

A.

Cluster Vault Manager and PrivateArk Database

B.

Cluster Vault Manager, PrivateArk Database and Remote Control Agent

C.

Cluster Vault Manager

D.

Cluster Vault Manager and Remote Control Agent

CAU302 PDF

$33

$109.99

3 Months Free Update

Add to Cart
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

CAU302 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

Add to Cart
  • Exam Name: CyberArk Defender + Sentry
  • Last Update: Dec 4, 2025
  • Questions and Answers: 237
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

CAU302 Engine

$39.6

$131.99

3 Months Free Update

Add to Cart
  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included