PAM-SEN Practice Exam Questions with Answers CyberArk Sentry PAM Certification

DBparm.ini and CAVaultManager.exe

VaultKeys.ini and CAVaultManager.exe

DBparm.ini and ChangeServerKeys.exe

VaultKeys.ini and ChangeServerKeys.exe

DR

Backup

Operator

Auditor

retention period

number of PSMs

number of users

number of targets

PARAgent.ini

DBParm.ini

TSParm.ini

CyberArkv2 MIB file

Deploy two PVWAs behind a global traffic manager.

Deploy one PVWA only.

Deploy two PVWAs in an active/standby mode.

Deploy two PVWAs using DNS round robin.

Port 1858 must be opened between the load balancer and the PVWAs.

The load balancer must be configured in DNS round robin.

The load balancer must support "sticky sessions".

The LoadBalancerClientAddressHeader parameter in the PVWA.ini file must be set.

Vault

CPM

PVWA

PSM

PrivateArk

OPM

AIM

Install two new PVWA servers in Tokyo data center, configure load balancing, connect to the local satellite Vault and provide the URL of new PVWA servers to the local employees.

Install two new PVWA servers in New York data center, configure load balancing and have them connect to the satellite Vault in Tokyo.

Install two new PSM servers in the Tokyo data center, configure load balancing, connect to the local satellite vault, and inform the local employees to browse using the same PVWA URL.

Change the current distributed Vaults architecture, migrate back to a Primary-DR architecture, install two new PVWA servers in the Tokyo data center and configure load balancing. Connect to the local DR Vault and provide the URL of new PVWA servers to the local employees.

Run Powershell and add the NTP module.

Restart the organization's NTP servers.

Edit dbparm.ini and add a Firewall rule for the NTP address.

Restart the Vault Event Notification Engine service.

Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent. Most Voted

In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.

Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.

maximum number of concurrent connections that can be opened between the CPM and the remote machines for the platform

maximum number of concurrent connections that can be between the PSM and the remote machines for the platform

maximum number of concurrent connections allowed for a specific account on the platform through the PSM

maximum number of concurrent connections to the Vault allowed for sending audit activities relating to the platform

CPM

PVWA

PSM

PTA

EPV

When a directory mapping matching that user id is created.

When a vault admin runs LDAP configuration wizard.

The first time the user logs in.

During the vault's nightly LD|^P refresh

dbparm ini

paragent.ini

ENEConf.ini I

padr ini

That the username and password are correct

That the CPM can successfully resolve addresses in the beta cyberark com domain

That the end user has the correct permissions on the safe.

That an appropriate trust relationship exists between alpha.cyberark com and beta cyberark.com

c:\inetpub\wwwroot\passwordvault\web.config

c:\inetpub\wwwroot\passwordvault\services\web.config

c:\cyberark\password vault web access\env\web.config

c:\program files\cyberark\password vault web access\web.config

Review the “Recommended Server Specifications” for PSMs in the CyberArk Documents website. Most Voted

Use the specifications of any existing PSM and request a server of the same size.

Use the CyberArk Support Knowledgebase, search for “PSM Sizing” and locate the Knowledgebase article related to sizing.

Refer to the Microsoft Windows website, determine the minimum specifications required for the Operating System you are installing, and then add 4 Gb of RAM and 20 GB of disk.

server.key

recpub.key

recprv.key

mdbase.dat

Add the FQDN & IP details for each LDAP host into the local hosts file of the Vault server. Most Voted

Configure an AllowNonStandardFWAddresses rule in DBParm.ini on the Vault to allow outbound TCP 53 to the organization’s DNS servers.

Ensure LDAP hosts added to the directory mapping configuration are defined using only IP addresses.

Set the ReferralsDNSLookup parameter value to “No” in the directory configuration.

True, this is the default behavior

False, this is not possible

True, if the 'AllowFailback' setting is set to yes in the PADR.ini file.

True if the 'AllowFailback' setting is set to yes in the dbparm mi file

Copy the files to the Vault server and discard the CD.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

Store the CD in a secure location, such as a physical safe.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder (secured with NTFS permissions} on the vault.

saml.config

samlconfig.ini

PVWAConfig.xml

PVConfiguration.xml

The system will use the template for the mapping listed first.

The system will use the template for the mapping listed last.

The system will grant all of the vault authorizations from the two templates.

The system will grant only the vault authorizations that are listed in both templates

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until another Vault is promoted as the new primary Vault.

CPMs should access only the satellite Vaults.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until the original primary Vault is operational again.

CPM should access all Vaults - primary and the satellite.

Update PVWA.ini with new user name

Update Vault.ini with new user name

Create new user in PrivateArk

Rename user in PrivateArk

Create new cred file for user

TRUE

FALSE

When a user successfully authenticates to the Vault, an authentication token is returned. Most Voted

REST API Windows authentication method allows skipping the logon API by using the Windows default credentials with a Kerberos ticket.

To allow High Availability, REST API can be configured to support Session Load Balancing by editing the PVConfiguration.xml and setting the AllowPVWASessionRedandancy=Yes.

Each REST API call requires that a valid authentication token be provided. Most Voted

REST calls are directly sent to the currently active Vault using Port 1858.

NET 3.51 Framework Feature

Web Services Role

Remote Desktop Services Role

Windows 2008 R2 or higher.

Recovery Time Objectives or Recovery Point Objectives are at or near zero

Integration with an Enterprise Backup Solution is required.

Off site replication is required.

PSM is used

Smart card redirection is supported

It does not support connections to target system where NLA is enabled on the PSM server

SSH sessions cannot be established

Printer redirection cannot be enabled

It does not support session recording capabilities for applications that run outside a web browser

RabbitMQ

Disaster Recovery

Remote Control Client

Distributed Vault Server

six or more

four

two or less

three

on the Vault server in C:\Windows\System32\drivers\etc\hosts and in the PVWAApplication under Administration > LDAP Integration > Directories > Hosts

on both the Vault and the PVWA servers in C:\Windows\System32\drivers\etc\hosts

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

on the Vault server in the certificate store and on the PVWA server in the certificate store

It must not alter page content, or should include a mechanism to prevent pages from being altered. Most Voted

It must support “sticky sessions”. Most Voted

It must be able to digitally sign and issue certificates for PVWA servers.

It must be able to connect to all Vault and PVWA servers through Port TCP 443.

It must be configured with high-availability (HA) enabled.

It prompts for input parameters that will be used to pre-populate form fields in the installation wizard.

It automatically installs the CPM, requiring no additional user input.

It allows you to install the CPM using a command line approach rather than using the installation wizard.

It verifies the NET version installed on the server and sets the IIS SSL TLS server configuration.