Get the Latest PT-AM-CPE Dumps (V8.02) for 2026: Pass Your Certified Professional – PingAM Exam Successfully

1. What is session denylisting used for?

2. Which of the following is considered a confidential OAuth2 client?

3. When removing a forgeops deployment created with the Cloud Developer Kit (CDK) with the following command:

$ /path/to/forgeops/bin/forgeops delete

What components are removed from the deployment?

4. Charlotte wants to query all the authentication tree configuration details in the alpha realm using an Amster command.7 After connecting to the PingAM instance in Amster, which command should Charlotte enter?

5. To ensure the user's full name is displayed on the consent screen for an OpenID Connect application, which string should be added into the Support Claims property on the OpenID Connect tab page of the OAuth2 Provider service in PingAM?

6. In an authentication tree process, considering best practice, where can the collected context data for mobile devices be persisted for subsequent risk analysis?

7. Which organization sets, maintains, and governs the SAML2 standard?

8. Which of the following best describes the relationship between users and realms?

9. Which of the following multi-factor authentication protocols are supported by PingAM?

A) Open authentication

B) Security questions

C) Web authentication

D) Universal 2nd factor authentication

E) Push authentication

10. When defining a policy and specifying a resource pattern, which of the following statements is true concerning the difference between the wildcards * and -*-?

11. Which statement does not reflect best practice when configuring a PingAM cluster for secure communication with external servers?

12. Which one of the default PingAM audit log file contains messages related to changes made to sessions by end users?

13. A user enters their credentials, but is faced with the error message "user requires profile to login".

What is a possible cause of this message?

14. 1.In the default Cloud Developer Kit (CDK) deployment of the forgeops repository, which pods provide the user interface functionality?

15. Which feature of PingAM protects against cookie hijacking in a cross-domain single sign-on environment?

16. A non-authenticated user requests a resource protected by PingGateway or a Web Agent.

Put the following events of the authentication lifecycle in chronological order:

1. User answers the "questions asked" (callbacks) by PingAM.

2. User tries to access a resource protected by PingGateway or a Web Agent.

3. Session reaches a timeout value or user logs out.

4. PingGateway or the Web Agent validates the session.

5. User is redirected to the authentication user interface of PingAM.

6. User is redirected to the resource.

17. An OpenID Connect application makes a request for an ID token with the openid and profile scope.

Which set of claim attributes are available with the profile scope?

18. Which is the correct simplified TLS handshake sequence needed to authenticate clients using a mutual TLS exchange?

19. Which of the following would be a possible combination of fields in the JSON body when making a policy evaluation via REST?

20. Which of the following statements about the PingAM tree designer is not true?

21. Consider the following LDAP connection string:

DS1.example.com:389|01, DS2.example.com:389|01, DS2.example.com:389|02, DS1.example.com:389|02

This connection string can be used in:

A) Identity Store

B) Core Token Service

C) Configuration Data Store

Which of the above options are correct?

22. Which statements are correct about PingAM sessions?

A) When a web browser is involved, the web browser is instructed to set a cookie as the session reference.

B) When no browser is involved, PingAM returns the session reference in the JSON response.

C) PingAM can only track the session in the Core Token Service store.

D) The default session cookie name created in a web browser is iPlanetDirectoryPro.

23. Examining the following JSON object, what is a valid value for the type part (shown in bold font) of

the claim value in a PingAM implementation?

JSON

JSON

"act": {

"sub": "(type!subject)"

}

24. In order to support rollback in case of a failed PingAM upgrade in a two server PingDS environment, what PingDS safety measure can be configured?

25. What is the purpose of the extended metadata in PingAM?

26. The Core Token Service (CTS) can be used for storing which of the following?

27. In order to secure a PingAM deployment with an external configuration data store and user data store using server-side sessions, which of the following should be considered?

28. Which OAuth2 flow is most appropriate to support the use case of a client application implemented in a browser using a scripted language such as JavaScript?

29. If the session cookie is configured as a domain based cookie for the am.example.com domain, in which of the following domains is the cookie visible?

A. example.com

B. am.example.com

C. sub.am.example.com

D. login.am.example.com

30. When a user undergoes a session upgrade, what is the outcome?

31. Which of the following approaches can be used to configure a basic installation of PingAM?

32. What scope is required to be included in a client's request if you wish to utilize the OpenID Connect capabilities of PingAM's OAuth2 implementation?

33. What are the possible outcomes of the Push Result Verifier node?

34. Which of the following statements are correct regarding session upgrades in PingAM?

A) An authenticated user is required to authenticate again either to the same or a different authentication service.

B) The user must not change for the session upgrade to succeed.

C) The only PingAM mechanism to do a session upgrade is the ForceAuth=true request parameter.

D) A session upgrade is PingAM's mechanism to perform what is called step-up authentication.

35. Samantha decides to implement SAML2 auto-federation to link accounts on the service provider (SP) with the corresponding account in the identity provider (IdP).

Which of the following statements describe characteristics of auto-federation?

A) Linking is based on a common NameId format value.

B) Linking is achieved by using a common attribute value.11

C) The user must log in to the IdP only to link accounts.

D) The user must log in to both the SP and the IdP to link accounts. Answer Selection:

36. Which statements are correct about push notification authentication implemented with PingAM?

A) The user must have a device with a camera and install the Authenticator app.

B) The registration and authentication steps must be part of the same authentication tree.

C) To register a device the user scans a barcode with the Authenticator installed on their device.1

D) During subsequent authentication processes, PingAM instructs the push server to send a notification to the registered device, and waits for the user to use the Authenticator app to approve the request.2

37. If PingAM is deployed in Apache Tomcat under /openam, what file system backups should be taken when PingAM needs to be upgraded?

38. A SAML2 identity provider (IdP) is configured in a subrealm.

Which of the following URLs can be used to export the IdP metadata?

39. In a default PingAM configuration, what type of keystore stores the secret ID named storepass, which contains the encrypted password of the default-keystore secret store?

40. Which of the following is an incorrect statement about session upgrade outcomes?