PAM-DEF Online Practice Questions and Answers

Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

A. HeadStartInterval

B. Interval

C. ImmediateInterval

D. The CPM does not change the password under this circumstance

Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (Choose all that apply)

A. The PSM software must be instated on the target server

B. PSM must be enabled in the Master Policy (either directly, or through exception)

C. PSMConnect must be added as a local user on the target server

D. RDP must be enabled on the target server

Within the Vault each password is encrypted by:

A. the server key

B. the recovery public key

C. the recovery private key

D. its own unique key

VAULT authorizations may be granted to_____.

A. Vault Users

B. Vault Groups

C. LDAP Users

D. LDAP Groups

You are creating a shared safe for the help desk.

What must be considered regarding the naming convention?

A. Ensure the naming convention does not exceed 28 characters.

B. Combine environments, owners and platforms to minimize the total number of safes created.

C. Safe owners should determine the safe name to enable them to easily remember it.

D. The word "Safe" cannot be used.

What is the purpose of the CyberArk Event Notification Engine service?

A. It sends email messages from the Central Policy Manager (CPM)

B. It sends email messages from the Vault

C. It processes audit report messages

D. It makes Vault data available to components

Which PTA sensors are required to detect suspected credential theft?

A. Logs, Vault Logs

B. Logs, Network Sensor, Vault Logs

C. Logs, PSM Logs, CPM Logs

D. Logs, Network Sensor, EPM

Which certificate type do you need to configure the vault for LDAP over SSL?

A. the CA Certificate that signed the certificate used by the External Directory

B. a CA signed Certificate for the Vault server

C. a CA signed Certificate for the PVWA server

D. a self-signed Certificate for the Vault

A password compliance audit found:

1) One-time password access of 20 domain accounts that are members of Domain Admins group in Active Directory are not being enforced.

2) All the sessions of connecting to domain controllers are not being recorded by CyberArk PSM.

What should you do to address these findings?

A. Edit the Master Policy and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

B. Edit safe properties and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

C. Edit CPM Settings and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

D. Contact the Windows Administrators and request them to add two policy exceptions at Active Directory Level: enable "Enforce one-time password access", enable "Record and save session activity".

Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

A. Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.

B. Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

C. Yes, if a logon account is associated with the root account.

D. No, it is not possible.