New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Dumpsbuddy Logo
  1. Home
  2. CyberArk
  3. Defender - Sentry (Combined)
  4. CAU302
  5. CyberArk Defender + Sentry Questions and Answers

CAU302 CyberArk Defender + Sentry Questions and Answers

Questions 4

The Vault server requires WINS services to work properly.

Options:

A.

True

B.

False

Buy Now
Questions 5

What is the PRIMARY reason for installing more than 1 active CPM?

Options:

A.

Installing CPMs in multiple sites prevents complex firewall rules to manage devices at remote sites.

B.

Multiple instances create fault tolerance.

C.

Multiple instances increase response time.

D.

Having additional CPMs increases the maximum number of devices CyberArk can manage

Buy Now
Questions 6

The Vault supports multiple instances of the following components Choose all that Apply

Options:

A.

PVWA

B.

CPM

C.

PSM

D.

AIM Provider

Buy Now
Questions 7

Which of the following are secure options for storing the contents of the Operator CD. while still allowing the contents to be accessible upon a planned Vault restart? Choose alt that apply

Options:

A.

Store the CD in a physical safe and mount the CD every time vault maintenance is performed.

B.

Copy the contents of the CD to the System Safe on the vault

C.

Copy the contents of the CD to a folder on the vault server and secure it with NTFS permissions.

D.

Store the server key in a Hardware Security Module.

E.

Store the server key in the Provider cache

Buy Now
Questions 8

The vault does not support Subnet Based Access Control.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 9

The DR module allows an integration with Enterprise Backup software

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 10

It is impossible to override Master Policy settings for a Platform

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 11

Which service is optional on the Vault?

Options:

A.

PrivateArk Server

B.

PrivateArk Remote Control Agent

C.

PrivateArk Database

D.

CyberArk Hardened Windows Firewall

Buy Now
Questions 12

Which utility can be used to copy a server key to an HSM?

Options:

A.

PrivateArk Client

B.

A proprietary utility provided by the HSM Vendor

C.

ChangeServerKeys.exe

D.

CAVaultManager.exe

Buy Now
Questions 13

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 14

Name two ways of viewing the ITAlog:

Options:

A.

Log into the vault locally and navigate to the Server folder under the PrivateArk install location.

B.

Log into the PVWA and go to the Reports tab.

C.

Access the System Safe from the PrivateArk client.

D.

Go to the Thirdpary log directory on the CPM

Buy Now
Questions 15

Accounts Discovery allows secure connections to domain controllers.

Options:

A.

True

B.

False

Buy Now
Questions 16

A vault admin received an email notification that a password verification process has failed Which service sent the message?

Options:

A.

The PrivateArk Server Service on the Vault.

B.

The CyberArk Password Manager service on the Components Server.

C.

The CyberArk Event Notification Engine Service on the Vault

D.

The CyberArk Privileged Session Manager service on the Vault.

Buy Now
Questions 17

Which file is used to configure the ENE service?

Options:

A.

ENE.ini

B.

ENEConfig.ini

C.

dbparm.ini

D.

paragent.ini

Buy Now
Questions 18

What are the functions of the Remote Control Agent service? (Choose all that apply.)

Options:

A.

Allows remote monitoring of the Vault

B.

Sends SNMP traps from the Vault

C.

Maintains audit data

D.

Allows CyberArk Services to be managed (start/stop/status) remotely

Buy Now
Questions 19

During ENE integration you should specify the Fully-Qualified Domain Name (FQDN) of the SMTP Gateway server.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 20

Which of the following is considered a prerequisite for installing PSM?

Options:

A.

IIS web services role

B.

HTML5 Gateway

C.

Provider

D.

Remote Desktop Services

Buy Now
Questions 21

In an SIEM integration it is recommended to use the fully-qualified domain name (FGDN) when specifying the SIEM server address(es).

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 22

The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a “Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry.

Options:

A.

The PSM Component Server is configured as defined in PAS Installation Guide.

B.

The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed and must be rebuilt.

C.

The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed. Hardening procedures must be applied manually to the existing configuration.

D.

The PSM Component Server has been installed correctly but PVWA Hardening procedures have not been followed. Hardening procedures can be applied via the Installation Automation script or manually to the existing configuration.

Buy Now
Questions 23

When a group is granted the ‘Authorize Account Requests’ permission on a safe Dual Control requests must

be approved by:

Options:

A.

Any one person from that group

B.

Every person from that group

C.

The number of persons specified by the Master Policy

D.

That access cannot be granted to groups

Buy Now
Questions 24

PSM for SSH (previously known as “PSM SSH Proxy”) supports connections to the following target systems:

Options:

A.

Windows

B.

UNIX

C.

Oracle

D.

All of the above

Buy Now
Questions 25

An Auditor needs to login to the PSM in order to live monitor an active session. Which User ID is used to establish the RDP connection to the PSM server?

Options:

A.

PSMConnect

B.

PSMMaster

C.

PSMGwUser

D.

PSMAdminConnect

Buy Now
Questions 26

During the process of installing the Central Policy Manager (CPM), the Vault administrator will be asked to provide the credentials for an administrative user in the Vault. For which purpose are these credentials used?

Options:

A.

The credentials will be used later by the CPM to retrieve passwords from the Vault.

B.

The credentials are used by the installer to register the CPM in the CyberArk database.

C.

The credentials are used by the installer to authenticate to the Vault and create the Central Policy Manager (CPM) environment (Safes, users, etc.).

D.

The credentials will be used later by the CPM to update passwords in the Vault.

Buy Now
Questions 27

What is the primary purpose of Dual Control?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Buy Now
Questions 28

Any user can monitor live sessions in real time when initiating RDP connection via Secure Connect through PSM.

Options:

A.

True

B.

False

Buy Now
Questions 29

To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults. Which file needs to be changed on the PVWA to enable this setup?

Options:

A.

Vault.ini

B.

dbparm.ini

C.

pvwa.ini

D.

Satellite.ini

Buy Now
Questions 30

What is the primary purpose of One Time Passwords?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Buy Now
Questions 31

A Simple Network Management Protocol (SNMP) integration allows the Vault administrator to forward ITALOG records to a monitoring solution.

Options:

A.

True

B.

False

Buy Now
Questions 32

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Options:

A.

True, this is the default behavior.

B.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file.

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file.

D.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file.

Buy Now
Questions 33

Which Master Policy?

Options:

A.

Password Expiration Time

B.

Enabling and Disabling of the Connection Through the PSM

C.

Password Complexity

D.

The use of "One-Time-Passwords"

Buy Now
Questions 34

When accessing the Vault via PVWA, is it possible, is it possible to configure multiple Dual Authentication Methods?

Options:

A.

Yes, all authentication methods will be configured to use the Vault integrated authentication flow.

B.

No, dual authentication methods are not supported.

C.

Yes, authentication methods will be configured to use the combination of IIS and Vault integrated authentication flow.

D.

Yes, all authentication methods will be configured to use the IIS integrated authentication flow.

Buy Now
Questions 35

The vault does not support Role Based Access Control

Options:

A.

TRUE

B.

FALSE

Buy Now
Exam Code: CAU302
Exam Name: CyberArk Defender + Sentry
Last Update: Dec 22, 2024
Questions: 237

PDF + Testing Engine

$134.99
buy now CAU302 pdf + testing engine

Testing Engine

$99.99
buy now CAU302 testing engine

PDF (Q&A)

$84.99
buy now CAU302 pdf