CyberArk Defender Access v1.0

Page:    1 / 5   
Exam contains 64 questions

Which risk factors contribute to the user behavior risk score? (Choose two.)

  • A. operating system
  • B. geolocation
  • C. device certificate
  • D. session cookie
  • E. AD joined status of device


Answer : BE

Which browsers are supported for the "Land and Catch" feature? (Choose three.)

  • A. Google Chrome
  • B. Apple Safari
  • C. Microsoft Internet Explorer
  • D. Firefox
  • E. Microsoft Edge
  • F. Opera


Answer : ADE

You are tasked to enforce certificate based authentication onto all the domain-joined Windows machines within your organization. Based on the inventory record, there are 1000 Windows machines, which include 150 standalone Windows machines. The enrollment will be conducted from either the office network or through the Virtual Private Network (VPN).
Which parameter(s) should you define within the enrollment code to ensure the security of the code and that only the authorized endpoints get registered?

  • A. Set an expiration date defining when the code should expire.
  • B. Specify the maximum number of devices that can be enrolled.
  • C. Define the enrollment code to only the specific office/VPN IP network segment.
  • D. Define that only Linux machines may be enrolled.


Answer : AC

Refer to the exhibit.
This exhibit shows the base authentication policy for ACME Corporation. You must edit the policy to allow users to authenticate once if they fulfill certain authentication criteria.
How should you configure this policy to support BOTH?

  • A. Configure "Challenge Pass-Through Duration" to be "always".
  • B. Configure FIDO2 authenticator as Challenge 1.
  • C. Configure FIDO2 authenticator as Challenge 2.
  • D. Configure QR Code as "Single Authentication Mechanism".


Answer : D

Which dashboard can display the applications launched by users, the application type, and the number of times they were launched?

  • A. Admin Portal: Applications Dashboard
  • B. User Portal: Activity
  • C. Admin Portal: Overview Dashboard
  • D. User Behavioral Analytics Portal: Insights Application User Login Summary Dashboard


Answer : A

Which feature does the CyberArk Identity Connector provide?

  • A. web server with SAML federation to internal web applications
  • B. secured, mutually authenticated, inbound communication with CyberArk Identity SaaS
  • C. SCIM server for connecting to CyberArk Vault
  • D. remote access to internal web applications


Answer : B

You get the following error: "Not Authorized. You do not have permission to access this feature".
What is most likely the cause of the error?

  • A. A user tried to sign in to the wrong identity tenant.
  • B. A user tried to sign in before being created in Active Directory.
  • C. A user gave someone else access to his/her laptop.
  • D. A non-administrative user tried to access an administrative feature.


Answer : D

Refer to the exhibit.
How should you configure this default authentication policy to ensure users must authenticate every time they try to access the CyberArk Identity portal or web applications?

  • A. Check and enable QR Code under the "Single Authentication Mechanism" section.
  • B. Check and enable Security Questions and set the number to "1".
  • C. Check and Select "Challenge Pass-Through Duration" to be "No Pass Through".
  • D. Check and Select QR Code under Challenge 1.


Answer : C

Which Custom Template app connectors are appropriate to use if a website does not require user authentication?

  • A. Bookmark
  • B. Browser Extension
  • C. SAML
  • D. OpenID Connect


Answer : A

CyberArk Identity has created a CLI integration with which vendor?

  • A. Amazon Web Services (AWS)
  • B. Salesforce
  • C. Microsoft
  • D. Zoom


Answer : A

What can cause users to be prompted for unrecognized MFA factors, such as a wrong phone number or unregistered MFA factor?

  • A. Someone installed the CyberArk Identity mobile app on a different phone with their credentials.
  • B. The administrator switched authentication profiles.
  • C. They mistyped their username.
  • D. Someone registered their phone number to the wrong username.


Answer : C

Your Chief Executive Officer lost his phone and cannot perform MFA to log in to work.
How can you enable him to bypass MFA right away and not delay his work?

  • A. Add a security question to his account on his behalf.
  • B. Ask him to configure on-device authenticator.
  • C. Ask him to change his phone PIN.
  • D. Select the MFA Unlock action for him through the Admin Portal.


Answer : D

What is the most likely reason a CyberArk Identity admin would turn on the "Provisioning" feature within a Web App connector?

  • A. to ensure users are automatically on-boarded and off-boarded in a third-party application
  • B. to ensure users are provisioned with the appropriate devices when they start
  • C. to ensure the web app appears in the users' CyberArk Identity portal when they first sign in
  • D. to create an audit log of every time users sign into the web app


Answer : A

Your organization wants to implement passwordless authentication for business critical web applications. CyberArk Identity manages access to these applications.
What can you do to facilitate the enforcement of this passwordless authentication initiative? (Choose two.)

  • A. Configure a certificate-based authentication policy in CyberArk Identity that only allows access to CyberArk Identity or the business critical web applications.
  • B. Send an email to the affected users and get them to renew their authentication token(s).
  • C. Roll out the CyberArk Windows Cloud Agent to the affected endpoints.
  • D. Refresh the endpoint operating system and define the new authentication method.
  • E. Roll out Secure Web Sessions to the applicable users.


Answer : AC

Refer to the exhibit.
If an Authentication Policy is configured as shown in the exhibit, which statement is correct?

  • A. The Initial MFA challenge will be sent to the account in CyberArk Cloud Directory (Target).
  • B. Upon successful logon, the user will be logged in as the account in CyberArk Cloud Directory (Target).
  • C. Future MFA challenges will be sent to the account in AD (Source).
  • D. If there is no matching email between two accounts in AD (Source) and CyberArk Cloud Directory (Target), the mapping will then look for a matching User ID.


Answer : A

Page:    1 / 5   
Exam contains 64 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy