Comprehensive CyberArk CDE Recertification (PAM-CDE-RECERT) Exam Dumps For Preparation

1. What is the purpose of a linked account?

2. Which components support fault tolerance.

3. Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

4. What is the purpose of the Interval setting in a CPM policy?

5. It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

6. Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

7. It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

8. Which user(s) can access all passwords in the Vault?

9. You are installing HTML5 gateway on a Linux host using the RPM provided.

After installing the Tomcat webapp, what is the next step in the installation process?

10. For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

11. Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

12. Which components can connect to a satellite Vault in distributed Vault architecture?

13. Due to network activity, ACME Corp’s PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.

Which steps should you perform to restore DR replication to normal?

14. What is a requirement for setting fault tolerance for PSMs?

15. What is the easiest way to duplicate an existing platform?

16. Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

17. What is the purpose of the PrivateArk Database service?

18. Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

19. What is the easiest way to duplicate an existing platform?

20. You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.

What do you need to recover and decrypt the object? (Choose three.)

21. When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

22. The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys.

How are these keys managed?

23. You are creating a shared safe for the help desk.

What must be considered regarding the naming convention?

24. If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

25. You are creating a Dual Control workflow for a team’s safe.

Which safe permissions must you grant to the Approvers group?

26. CyberArk recommends implementing object level access control on all Safes.

27. The vault supports Role Based Access Control.

28. Which of the following logs contains information about errors related to PTA?

29. By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

30. As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

31. Which of the following PTA detections are included in the Core PAS offering?

32. A Logon Account can be specified in the Master Policy.

33. In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA Hardening.ps1 perform when run?

34. For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

35. Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

36. A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

37. Which Automatic Remediation is configurable for a PTA detection of a “Suspected Credential Theft”?

38. Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation.

39. DRAG DROP

For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

40. The password upload utility must run from the CPM server

41. Which permissions are needed for the Active Directory user required by the Windows Discovery process?

42. tsparm.ini is the main configuration file for the Vault.

43. Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

44. If a customer has one data center and requires high availability, how many PVWA's should be deployed.

45. What is the purpose of the Immediate Interval setting in a CPM policy?

46. Which report could show all accounts that are past their expiration dates?

47. In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA?

48. An auditor needs to login to the PSM in order to live monitor an active session.

Which user ID is used to establish the RDP connection to the PSM server?

49. Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

50. If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

51. Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

52. Which option in the Private Ark client is used to update users’ Vault group memberships?

53. As long as you are a member of the Vault Admins group you can grant any permission on any safe.

54. You have associated a logon account to one your UNIX cool accounts in the vault.

When attempting to [b]change [/b] the root account’s password the CPM will…..

55. How much disk space do you need on the server for a PAReplicate?

56. DRAG DROP

Match each component to its respective Log File location.

57. Which of the following options is not set in the Master Policy?

58. What is the maximum number of levels of authorization you can set up in Dual Control?

59. In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to “Fast Forward” within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.

What could be the cause?

60. You are installing multiple PVWAs behind a load balancer.

Which statement is correct?

61. CyberArk user Neil is trying to connect to the Target Linux server 192.168.1.64 using a domain account ACME/linuxuser01 on Domain Acme.corp using PSM for SSH server 192.168.65.145.

What is the correct syntax?

62. According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

63. To manage automated onboarding rules, a CyberArk user must be a member of which group?

64. What is the name of the Platform parameters that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

65. When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

66. Which usage can be added as a service account platform?

67. Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

68. Which keys are required to be present in order to start the PrivateArk Server service?

69. Which tools are used during a CPM renaming process?

70. Which of the following components can be used to create a tape backup of the Vault?

71. Which authentication methods does PSM for SSH support?

72. Accounts Discovery allows secure connections to domain controllers.

73. It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

74. You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission.

Where do you update this permission for all auditors?

75. Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

76. DRAG DROP

Match each PTA alert category with the PTA sensors that collect the data for it.

77. Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

78. A user with administrative privileges to the vault can only grant other users privileges that he himself has.

79. Which of the following properties are mandatory when adding accounts from a file? (Choose three.)

80. Which is the primary purpose of exclusive accounts?