Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

Hot Vendors

PAM-DEF CyberArk Defender - PAM Questions and Answers

Questions 4

Which accounts can be selected for use in the Windows discovery process? (Choose two.)

Options:

A.

an account stored in the Vault

B.

an account specified by the user

C.

the Vault Administrator

D.

any user with Auditor membership

E.

the PasswordManager user

Buy Now
Questions 5

Which statement about the Master Policy best describes the differences between one-time password and exclusive access functionality?

Options:

A.

Exclusive access means that only a specific group of users may use the account. After an account on a one-time password platform is used, the account is deleted from the safe automatically.

B.

Exclusive access locks the account indefinitely. One-time password can be used replace invalid account passwords.

C.

Exclusive access is enabled by default in the Master Policy. One-time password should only be enabled for emergencies.

D.

Exclusive access allows only one person to check-out an account at a time. One-time password schedules an account for a password change after the MinValidityPeriod period expires.

Buy Now
Questions 6

Which dependent accounts does the CPM support out-of-the-box? (Choose three.)

Options:

A.

Solaris Configuration file

B.

Windows Services

C.

Windows Scheduled

D.

Windows DCOM Applications

E.

Windows Registry

F.

Key Tab file

Buy Now
Questions 7

Which is the primary purpose of exclusive accounts?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Buy Now
Questions 8

Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Options:

A.

Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.

B.

Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

C.

Yes, if a logon account is associated with the root account.

D.

No, it is not possible.

Buy Now
Questions 9

Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance

Buy Now
Questions 10

Users are unable to launch Web Type Connection components from the PSM server. Your manager asked you to open the case with CyberArk Support.

Which logs will help the CyberArk Support Team debug the issue? (Choose three.)

Options:

A.

PSMConsole.log

B.

PSMDebug.log

C.

PSMTrace.log

D.

.Component.log

E.

PMconsole.log

F.

ITAlog.log

Buy Now
Questions 11

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

Options:

A.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.

Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.

Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

Buy Now
Questions 12

What is required to enable access over SSH to a Unix account through both PSM and PSMP?

Options:

A.

The platform must contain connection components for PSM-SSH and PSMP-SSH.

B.

PSM and PSMP must already have stored the SSH Fingerprint for the Unix host.

C.

The 'Enable PSMP' setting in the Unix platform must be set to Yes.

D.

A duplicate platform (Called) with the PSMP settings must be created.

Buy Now
Questions 13

You are configuring a Vault HA cluster.

Which file should you check to confirm the correct drives have been assigned for the location of the Quorum and Safes data disks?

Options:

A.

ClusterVault.ini

B.

my.ini

C.

vault.ini

D.

DBParm.ini

Buy Now
Questions 14

You have been asked to identify the up or down status of Vault services.

Which CyberArk utility can you use to accomplish this task?

Options:

A.

Vault Replicator

B.

PAS Reporter

C.

Remote Control Agent

D.

Syslog

Buy Now
Questions 15

How much disk space do you need on a server to run a full replication with PAReplicate?

Options:

A.

500 GB

B.

1 TB

C.

same as disk size on Satellite Vault

D.

at least the same disk size as the Primary Vault

Buy Now
Questions 16

Due to network activity, ACME Corp’s PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.

Which steps should you perform to restore DR replication to normal?

Options:

A.

Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

B.

Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

C.

Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

D.

Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

Buy Now
Questions 17

When managing SSH keys, the CPM stores the Public Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the public key can always be generated from the private key.

Buy Now
Questions 18

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Options:

A.

Use Accounts, Retrieve Accounts, List Accounts

B.

Use Accounts, List Accounts

C.

Use Accounts

D.

List Accounts, Retrieve Accounts

Buy Now
Questions 19

A new colleague created a directory mapping between the Active Directory groups and the Vault.

Where can the newly Configured directory mapping be tested?

Options:

A.

Connect to the Active Directory and ensure the organizational unit exists.

B.

Connect to Sailpoint (or similar tool) to ensure the organizational unit is correctly named; log in to the PVWA with "Administrator" and confirm authentication succeeds.

C.

Search for members that exist only in the mapping group to grant them safe permissions through the PVWA.

D.

Connect to the PrivateArk Client with the Administrator Account to see if there is a user in the Vault Admin Group.

Buy Now
Questions 20

Before failing back to the production infrastructure after a DR exercise, what must you do to maintain audit history during the DR event?

Options:

A.

Ensure that the Production Instance replicates changes that occurred from the Disaster Recovery Instance.

B.

Briefly stop and start the Disaster Recovery Instance before attempting to fail components back to the Production Instance.

C.

Stop the CPM services before starting the production server.

D.

Perform an IIS Reset on all PVWA servers.

Buy Now
Questions 21

When managing SSH keys, the CPM stored the Private Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the private key can always be generated from the public key.

Buy Now
Questions 22

You have been given the requirement that certain accounts cannot have their passwords updated during business hours.

How can you set up a configuration to meet this requirement?

Options:

A.

Change settings on the CPM configuration safe so that access is permitted after business hours only.

B.

Update the password change parameters of the platform to match the permitted time frame.

C.

Disable automatic CPM management for all accounts that are assigned to this platform.

D.

Add an exception to the Master Policy to allow the action for this platform during the permitted time.

Buy Now
Questions 23

When the CPM connects to a database, which interface is most commonly used?

Options:

A.

Kerberos

B.

ODBC

C.

VBScript

D.

Sybase

Buy Now
Questions 24

Refer to the exhibit.

PAM-DEF Question 24

Why is user "EMEALevel2Support" unable to change the password for user "Operator"?

Options:

A.

EMEALevel2Support’s hierarchy level is not the same or higher than Operator.

B.

EMEALevel2Support does not have the "Manage Directory Mapping" role.

C.

Operator can only be reset by the Master user.

D.

EMEALevel2Support does not have rights to reset passwords for other users.

Buy Now
Questions 25

According to CyberArk, which issues most commonly cause installed components to display as disconnected in the System Health Dashboard? (Choose two.)

Options:

A.

network instabilities/outages

B.

vault license expiry

C.

credential de-sync

D.

browser compatibility issues

E.

installed location file corruption

Buy Now
Questions 26

Which statement is true about setting the reconcile account at the platform level?

Options:

A.

This is the only way to enable automatic reconciliation of account passwords.

B.

CPM performance will be improved when the reconcile account is set at the platform level.

C.

A rule can be used to specify the reconcile account dynamically or a specific reconcile account can be selected.

D.

This configuration prevents the association from becoming broken if the reconcile account is moved to a different safe.

Buy Now
Questions 27

It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

In the Private Ark client under the Tools menu > Administrative Tools > Users and Groups, which option do you use to update users’ Vault group memberships?

Options:

A.

Update > General tab

B.

Update > Authorizations tab

C.

Update > Member Of tab

D.

Update > Group tab

Buy Now
Questions 29

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account’s password the Central Policy Manager (CPM) will:

Options:

A.

ignore the logon account and attempt to log in as root

B.

prompt the end user with a dialog box asking for the login account to use

C.

log in first with the logon account, then run the SU command to log in as root using the password in the Vault

D.

none of these

Buy Now
Questions 30

Match the log file name with the CyberArk Component that generates the log.

PAM-DEF Question 30

Options:

Buy Now
Questions 31

To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

Options:

A.

List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B.

List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C.

Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

D.

View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

Buy Now
Questions 32

Which values are acceptable in the address field of an Account?

Options:

A.

It must be a Fully Qualified Domain Name (FQDN)

B.

It must be an IP address

C.

It must be NetBIOS name

D.

Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

Buy Now
Questions 33

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Options:

A.

Domain Admin

B.

LDAP Admin

C.

Read/Write

D.

Read

Buy Now
Questions 34

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Buy Now
Questions 35

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Options:

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Buy Now
Questions 36

Match each PTA alert category with the PTA sensors that collect the data for it.

PAM-DEF Question 36

Options:

Buy Now
Questions 37

dbparm.ini is the main configuration file for the Vault.

Options:

A.

True

B.

False

Buy Now
Questions 38

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Options:

A.

Export Vault Data

B.

Export Vault Information

C.

PrivateArk Client

D.

Privileged Threat Analytics

Buy Now
Questions 39

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

Options:

A.

PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM-SSH Proxy)

D.

All of the above

Buy Now
Questions 40

Where can a user with the appropriate permissions generate a report? (Choose two.)

Options:

A.

PVWA > Reports

B.

PrivateArk Client

C.

Cluster Vault Manager

D.

PrivateArk Server Monitor

E.

PARClient

Buy Now
Questions 41

Which usage can be added as a service account platform?

Options:

A.

Kerberos Tokens

B.

IIS Application Pools

C.

PowerShell Libraries

D.

Loosely Connected Devices

Buy Now
Questions 42

You notice an authentication failure entry for the DR user in the ITALog.

What is the correct process to fix this error? (Choose two.)

Options:

A.

PrivateArk Client > Tools > Administrative Tools > Users and Groups > DR User > Update > Authentication > Update Password.

B.

Create a new credential file, on the DR Vault, using the CreateCredFile utility and the newly set password.

С. Create a new credential file, on the Primary Vault, using the CreateCredFile utility and the newly set password.

C.

PVWA > User Provisioning > Users and Groups > DR User > Update Password.

D.

PrivateArk Client > Tools > Administrative Tools > Users and Groups > PAReplicate User > Update > Authentication > Update Password.

Buy Now
Questions 43

Match each key to its recommended storage location.

PAM-DEF Question 43

Options:

Buy Now
Questions 44

Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Options:

A.

Accounts Discovery

B.

Auto Detection

C.

Onboarding RestAPI functions

D.

PTA Rules

Buy Now
Questions 45

CyberArk recommends implementing object level access control on all Safes.

Options:

A.

True

B.

False

Buy Now
Questions 46

A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.

What is the issue?

Options:

A.

The user must login as PSMAdminConnect

B.

The PSM service is not running

C.

The user is not a member of the PVWAMonitor group

D.

The user is not a member of the Auditors group

Buy Now
Questions 47

Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

Options:

A.

They are added to the Pending Accounts list and can be reviewed and manually uploaded.

B.

They cannot be onboarded to the Password Vault.

C.

They must be uploaded using third party tools.

D.

They are not part of the Discovery Process.

Buy Now
Questions 48

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

Options:

A.

KeyPath

B.

KeyFile

C.

ObjectName

D.

Address

Buy Now
Questions 49

The Active Directory User configured for Windows Discovery needs which permission(s) or membership?

Options:

A.

Member of Domain Admin Group

B.

Member of LDAP Admin Group

C.

Read and Write Permissions

D.

Read Only Permissions

Buy Now
Questions 50

Match each component to its respective Log File location.

PAM-DEF Question 50

Options:

Buy Now
Questions 51

A new HTML5 Gateway has been deployed in your organization.

From the PVWA, arrange the steps to configure a PSM host to use the HTML5 Gateway in the correct sequence.

PAM-DEF Question 51

Options:

Buy Now
Questions 52

Which of the following options is not set in the Master Policy?

Options:

A.

Password Expiration Time

B.

Enabling and Disabling of the Connection Through the PSM

C.

Password Complexity

D.

The use of “One-Time-Passwords”

Buy Now
Questions 53

The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 54

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

Options:

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Buy Now
Questions 55

Which Automatic Remediation is configurable for a PTA detection of a “Suspected Credential Theft”?

Options:

A.

Add to Pending

B.

Rotate Credentials

C.

Reconcile Credentials

D.

Disable Account

Buy Now
Questions 56

Which report shows the accounts that are accessible to each user?

Options:

A.

Activity report

B.

Entitlement report

C.

Privileged Accounts Compliance Status report

D.

Applications Inventory report

Buy Now
Questions 57

Match the connection component to the corresponding OS/Function.

PAM-DEF Question 57

Options:

Buy Now
Questions 58

A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.

Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

Options:

A.

PVWA > User Provisioning > LDAP Integration > Mapping Criteria

B.

PVWA > User Provisioning > LDAP Integration > Map Name

C.

PVWA > Administration > LDAP Integration > Mappings

D.

PVWA > Administration > LDAP Integration > AD Groups

Buy Now
Questions 59

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.

How do you accomplish this?

Options:

A.

Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

B.

Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording Most Voted

C.

Polices>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies

D.

Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies

Buy Now
Questions 60

In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA?

Options:

A.

PVWAMonitor

B.

ReportUsers

C.

PVWAReports

D.

Operators

Buy Now
Questions 61

A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

Options:

A.

createcredfile.exe

B.

cavaultmanager.exe

C.

PrivateArk

D.

PVWA

Buy Now
Questions 62

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Options:

A.

True.

B.

False. Because the user can also enter credentials manually using Secure Connect.

C.

False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSM Connect.

D.

False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.

Buy Now
Questions 63

Which certificate type do you need to configure the vault for LDAP over SSL?

Options:

A.

the CA Certificate that signed the certificate used by the External Directory

B.

a CA signed Certificate for the Vault server

C.

a CA signed Certificate for the PVWA server

D.

a self-signed Certificate for the Vault

Buy Now
Questions 64

You created a new platform by duplicating the out-of-box Linux through the SSH platform.

Without any change, which Text Recorder Type(s) will the new platform support? (Choose two.)

Options:

A.

SSH Text Recorder

B.

Universal Keystrokes Text Recorder

C.

Events Text Recorder

D.

SQL Text Recorder

E.

Telnet Commands Text Recorder

Buy Now
Questions 65

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Options:

A.

Create an exception to the Master Policy to exclude the group from the workflow process.

B.

Edith the master policy rule and modify the advanced’ Access safe without approval’ rule to include the group.

C.

On the safe in which the account is stored grant the group the’ Access safe without audit’ authorization.

D.

On the safe in which the account is stored grant the group the’ Access safe without confirmation’ authorization.

Buy Now
Questions 66

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Buy Now
Questions 67

Which of these accounts onboarding methods is considered proactive?

Options:

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Buy Now
Questions 68

You want to build a connector that connects to a website through the Web applications for PSM framework.

Which default connector do you duplicate and modify?

Options:

A.

PSM-ChromeSample

B.

PSM-WebForm

C.

PSM-WebApp

D.

PSM-WebAppSample

Buy Now
Questions 69

If PTA is integrated with a supported SIEM solution, which detection becomes available?

Options:

A.

unmanaged privileged account

B.

privileged access to the Vault during irregular days

C.

riskySPN

D.

exposed credentials

Buy Now
Questions 70

Which processes reduce the risk of credential theft? (Choose two.)

Options:

A.

require dual control password access approval

B.

require password change every X days

C.

enforce check-in/check-out exclusive access

D.

enforce one-time password access

Buy Now
Questions 71

Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

Options:

A.

PACli.ini

B.

Vault.ini

C.

conf.ini

D.

A comma delimited upload file

Buy Now
Questions 72

You have been asked to create an account group and assign three accounts which belong to a cluster. When you try to create a new group, you receive an unauthorized error; however, you are able to edit other aspects of the account properties.

Which safe permission do you need to manage account groups?

Options:

A.

create folders Most Voted

B.

specify next account content

C.

rename accounts

D.

manage safe

Buy Now
Exam Code: PAM-DEF
Exam Name: CyberArk Defender - PAM
Last Update: Nov 20, 2024
Questions: 239

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now PAM-DEF testing engine

PDF (Q&A)

$35  $99.99
buy now PAM-DEF pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 21 Nov 2024