1. To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers need to be configured to communicate with the Primary Vault and Satellite Vaults.

What file needs to be changed on the PVWA to enable this setup?

2. Auto-Detection can be configured to leverage LDAP/S.

3. Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

4. When a group is granted the ‘Authorize Account Requests’ permission on a safe Dual Control requests must be approved by:

5. When creating an onboarding rule, it will be executed upon.

6. You are successfully managing passwords in the alpha.cyberark com domain; however when you attempt to manage a password in the beta.cyberark.com domain, you receive the 'network path not found* error.

What should you check first?

7. Which service should NOT be running on the DR Vault when the primary production Vault is up?

8. Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply

9. What is the primary purpose of Exclusive Accounts?

10. Which of the following are prerequisites for installing PVWA Check all that Apply

11. To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults.

Which file needs to be changed on the PVWA to enable this setup?

12. PSM captures a record of each command that was issues in SQL Plus.

13. In Accounts Discovery, you can configure a Windows discovery to scan______________.

14. One of your users is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign in to the pvwa.

Which utility would you use to correct this problem?

15. Which of the following is NOT a use case for installing multiple CPMS?

16. Which service should NOT be running on the DR Vault when the primary Production Vault is up?

17. Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the domain controller during LDAP/S integration?

18. What is the purpose of the password Change process?

19. Which keys are required to be present in order to start the PrivateArk Server Service? Select all that apply.

20. Which utilities could you use to change debugging levels on the vault without having to restart the vault Select all that apply.

21. What is the purpose of the CyberArk Event Notification Engine service.

22. The Vault does not support dual factor authentication.

23. Any user can monitor live sessions in real time when users initiate RDP connection via Secure Connect through PSM?

24. A safe was recently created by a user who is a member of the LDAP Vault Administrators group.

Which of the following users does not have access to the newly created safe by default?

25. Which file is used to configure the ENE service?

26. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to UnixAdmins? Check all that apply

27. The Application Inventory report is related to AIM.

28. When managing SSH keys, the CPM stores the Public Key ________________.

29. The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a “Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry.

30. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.)

31. tsparm.ini is the main configuration file for the vault.

32. What is the proper way to allow the Vault to resolve host names?

33. Which one of the following reports is NOT generated by using the PVWA?

34. When working with the CyberArk Disaster Recovery (DR) solution, which services should be running on the DR Vault?

35. Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests?

36. Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

37. Name two ways of viewing the ITAlog:

38. Which utility can be used to copy a server key to an HSM?

39. What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

40. Which combination of safe member permissions will allow End Users to log in to a remote machine transparently but NOT show or copy the password?

41. A SIEM integration allows you to forward ITALOG records to a monitoring solution.

42. You have associated a logon account to one of your UNIX root accounts in the vault When attempting to verify the root account's password the CPM will...

43. Which of the following sends out Simple Network Management Protocol (SNMP) traps?

44. The Vault Internal safe contains all of the configuration for the vault.

45. What is the purpose of a password group?

46. Which credentials does CyberArk use when managing a target account?

47. What is the proper way to allow the Vault to resolve host names?

48. Time of day of week restrictions on when password changes can occur are configured in ________________.

49. In a Disaster Recovery (DR) environment, which of the following should NEVER be configured for automatic failover due to the possibility of split-brain phenomenon?

50. A SIEM integration allows you to forward audit records to a monitoring solution.

51. A Reconcile Account can be specified in the Master Policy.

52. What is the chief benefit of PSM?

53. Which of the Following can be configured in the Master Policy? Choose all that apply

54. What is the primary purpose of Dual Control?

55. It is possible to restrict the time of day. or day of week that a verify process can occur

56. The Vault supports multiple instances of the following components Choose all that Apply

57. A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.

What is the issue?

58. Which is the purpose of the HeadStartInterval setting in a platform?

59. The Vault server requires WINS services to work properly.

60. When managing SSH keys. CPM automatically pushes the Public Key to the target system.

61. What is the purpose of the Interval setting in a CPM policy?

62. Multiple PVWA servers provide automatic load balancing.

63. Is it possible to modify the CyberArk Vault Audit Log?

64. Which of the following logs contain information about errors related to PTA?

65. PSM captures a record of each command that was executed in Unix.

66. The System safe allows access to the Vault configuration files.

67. Which of these accounts onboarding methods is considered proactive?

68. Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

69. A logon account can be specified in the platform settings.

70. When the PSM Gateway (also known as the HTML5 ( End Point in order to launch connections via the PSM

71. What is the purpose of the password verify process?

72. Accounts Discovery allows secure connections to domain controllers.

73. Access Control to passwords is implemented by ________________.

74. It is possible to control the hours of the day during which a safe may be used.

75. In a Distributed Vaults environment, which of the following components will NOT be communicating with the Satellite Vaults?

76. Which Master Policy?

77. One can create exceptions to the Master Policy based on_________.

78. It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

79. In accordance with best practice. SSH access is denied for root accounts on UNIX/LINUX systems.

What is the BEST way to allow CPM to manage root accounts?

80. According to the default web options settings, which group grants access to the reports page?