CyberArk Defender + Sentry Certification CAU302 Exam Dumps

1. The vault does not support Role Based Access Control

2. The Remote Desktop Services role must be properly licensed by Microsoft.

3. One can create exceptions to the Master Policy based on ____________.

4. Which of the following statements are NOT true when enabling PSM recording for a target Windows server?

5. It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

6. During LDAP/S integration you should specify the Fully Qualified Domain Name (FQDN) of the Domain Controller.

7. Which of the following options is not set in the Master Policy?

8. When on-boarding accounts using Accounts Feed, which of the following is true?

9. The Vault Internal safe contains the configuration for an LDAP integration.

10. PSM captures a record of each command that was issued in SQL Plus.

11. What is the purpose of the Allowed Safes parameter in a CPM policy? Select all that apply.

12. The Vault Internal safe contains all of the configuration for the vault.

13. One time passwords reduce the risk of Pass the Hash vulnerabilities in Windows.

14. What are the operating system prerequisites for installing CPM?

15. The vault provides a tamper-proof audit trail.

16. It is possible to restrict the time of day, or day of week that a verify process can occur

17. When managing SSH keys, CPM automatically pushes the Private Key to all systems that use it.

18. It is possible to restrict the time of day, or day of week that a change process can occur.

19. Which one of the built-in Vault users is not automatically added to the safe when it is first created in PWA?

20. What conditions must be met in order to log into the vault as the Master user? Select all that apply.

21. The Vault supports multiple instances of the following components. Choose all that Apply.

22. Multiple PVWA servers are always all active.

23. In an SIEM integration it is recommended to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es).

24. The vault supports a number of dual factor authentication methods.

25. You are successfully managing passwords in the alpha.cyberark.com domain; however, when you attempt to manage a password in the beta.cyberark.com domain, you receive the ‘network path not found’ error.

What should you check first?

26. In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

27. The vault server uses a modified version of the Microsoft Windows firewall.

28. You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to verify the root account’s password the CPM will…

29. A SIEM integration allows you to forward ITALOG records to a monitoring solution.

30. What is the purpose of the CyberArk Event Notification Engine service?

31. The DR module allows an integration with Enterprise Backup software.

32. What is the purpose of the PrivateArk Server service?

33. Auto-Detection can be configured to leverage LDAP/S.

34. It is impossible to override Mater Policy settings for a Platform

35. The following applications are pre-configured to work with PSM, but first need to be installed on the PSM server.

36. What is the PRIMARY reason for installing more than 1 active CPM?

37. When planning to load balance at least 2 PSM Servers in an “in-domain” deployment, is it required to move the PSMConnect and PSMAdminConnect users to the domain level?

38. Name two ways of viewing the ITAlog:

39. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to UnixAdmins?

40. An SMTP integration allows you to forward audit records to a monitoring solution.

41. The System safe allows access to the Vault configuration files.

42. Which of the Following can be configured in the Master Policy? Choose all that apply.

43. Multiple PSM Servers can be load balanced.

44. Which file would you modify to configure your Vault Server to forward Activity Logs to a SIEM or SYSLOG server?

45. In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX systems.

What is the BEST way to allow CPM to manage root accounts?

46. It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

47. In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

48. When a DR vault server becomes an active vault, it will automatically fail back to the original state once the primary vault comes back online.

49. PSM requires the Remote Desktop Session Host role service.

50. Which is the correct order of installation for PAS components?