CyberArk Sentry - PAM v1.0

Page:    1 / 7   
Exam contains 103 questions
Expand All

Which parameter must be identical for both the Identity Provider (IdP) and the PVWA?

  • A. IdP “EntityID” and “PartnerIdentityProvider Name” in PVWA saml.config file
  • B. IdP “User name” and “SingleSignOnServiceUrl” in PVWA saml.config file
  • C. IdP “Audience” and “ServiceProviderName” in the PVWA saml.config file
  • D. IdP “Secure hash algorithm” and “Certificate” in the PVWA saml.config file


Answer : D

All 80 employees from your satellite Tokyo office are complaining that browsing the PVWA site is very slow; however, your New York headquarters users are not experiencing this. The current PAM solution is:
2 distributed Vaults, the primary one in New York and a satellite in Tokyo
2 PVWA servers, both in New York with load balancing configured
2 PSM servers, both in New York without load balancing configured
1 CPM server in New York
All PVWA, PSM, and CPM servers are connected to the primary Vault
Which proposal optimally resolves the performance issue while minimizing the impact to production?

  • A. Install two new PVWA servers in Tokyo data center, configure load balancing, connect to the local satellite Vault and provide the URL of new PVWA servers to the local employees.
  • B. Install two new PVWA servers in New York data center, configure load balancing and have them connect to the satellite Vault in Tokyo.
  • C. Install two new PSM servers in the Tokyo data center, configure load balancing, connect to the local satellite vault, and inform the local employees to browse using the same PVWA URL.
  • D. Change the current distributed Vaults architecture, migrate back to a Primary-DR architecture, install two new PVWA servers in the Tokyo data center and configure load balancing. Connect to the local DR Vault and provide the URL of new PVWA servers to the local employees.


Answer : A

You have been asked to limit a platform called “Windows_Servers” to safes called “WindowsDC1” and “WindowsDC2”. The platform must not be assigned to any other safe.
What is the correct way to accomplish this?

  • A. Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select General and modify “AllowedSafes” to be (WindowsDC1)|(WindowsDC2).
  • B. Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select Options and modify “AllowedSafes” to be (Win*).
  • C. Edit the “WindowsDC1” and “WindowsDC2” safes through Safe Management, Add “Windows_Servers” to the “AllowedPlatforms”.
  • D. Log in to PrivateArk using an Administrative user, Select File, Server File Categories, Locate the category “WindowsServersAllowedSafes” and specify “WindowsDC1,WindowsDC2”.


Answer : A

The account used to install a PVWA must have ownership of which safes? (Choose two.)

  • A. VaultInternal
  • B. PVWAConfig
  • C. System
  • D. Notification Engine
  • E. PVWAReports


Answer : AC

DRAG DROP -
Arrange the steps to install the Password Vault Web Access (PVWA) in the correct sequence.



Answer :

Which configuration file and Vault utility are used to migrate the server key to an HSM?

  • A. DBparm.ini and CAVaultManager.exe
  • B. VaultKeys.ini and CAVaultManager.exe
  • C. DBparm.ini and ChangeServerKeys.exe
  • D. VaultKeys.ini and ChangeServerKeys.exe


Answer : D

There is a requirement for a password to change between 01:00 and 03:00 on Saturdays and Sundays; however, this does not work consistently.
Which platform setting may be the cause?

  • A. The Interval setting for the platform is incorrect and must be less than 120.
  • B. The ImmediateInterval setting for the platform is incorrect and must be greater than or equal to 1.
  • C. The DaysToRun setting for the platform is incorrect and must be set to Sat,Sun.
  • D. The HeadStartInterval setting for the platform is incorrect and must be set to 0.


Answer : C

What must you do to synchronize a new Vault server with an organization’s NTP server?

  • A. Configure an AllowNonStandardFWAddresses rule for the organization’s NTP server in DBParm.ini on the Vault server.
  • B. Use the Windows Firewall console to configure a rule on the Vault server which allows communication with the organization’s NTP server.
  • C. Ensure the organization’s NTP server is installed in the same location as the Vault server requiring synchronization.
  • D. Update the AutoSyncExternalObjects configuration in DBParm.ini on the Vault server to schedule regular synchronization.


Answer : D

You need to add a new PSM server to an existing CyberArk environment.
What is the best way to determine the sizing of this server?

  • A. Review the “Recommended Server Specifications” for PSMs in the CyberArk Documents website.
  • B. Use the specifications of any existing PSM and request a server of the same size.
  • C. Use the CyberArk Support Knowledgebase, search for “PSM Sizing” and locate the Knowledgebase article related to sizing.
  • D. Refer to the Microsoft Windows website, determine the minimum specifications required for the Operating System you are installing, and then add 4 Gb of RAM and 20 GB of disk.


Answer : C

Which file must you edit to ensure the PSM for SSH server is not hardened automatically after installation?

  • A. vault.ini
  • B. user.cred
  • C. psmpparms
  • D. psmgw.config


Answer : D

When integrating a Vault with HSM, which file is uploaded to the HSM device?

  • A. server.key
  • B. recpub.key
  • C. recprv.key
  • D. mdbase.dat


Answer : C

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

  • A. Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.
  • B. In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent.
  • C. In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.
  • D. Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.


Answer : B

A customer wants to store PSM recordings for 100 days and estimates they will have 10 Windows sessions per day for 100 minutes each.
What is the minimum storage required for the Vault and PAReplicate for the PSM recordings?

  • A. 25 GB
  • B. 250 GB
  • C. 500 GB
  • D. 5 GB


Answer : B

In large-scale environments, it is important to enable the CPM to focus its search operations on specific Safes instead of scanning all Safes it sees in the Vault.
How is this accomplished?

  • A. Administration Options > CPM Settings
  • B. AllowedSafe Parameter on each platform policy
  • C. MaxConcurrentConnection parameter on each platform policy
  • D. Administration > Options > CPM Scanner


Answer : B

In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA_Hardening.ps1 perform when run? (Choose two.)

  • A. performs IIS hardening
  • B. configures all group policy settings
  • C. renames the local Administrator Account
  • D. configures Windows Firewall
  • E. imports the CyberArk INF configuration


Answer : AD

Page:    1 / 7   
Exam contains 103 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy