PAM-CDE-RECERT CyberArk CDE Recertification Questions and Answers

True

False

Kerberos Tokens

IIS Application Pools

PowerShell Libraries

Loosely Connected Devices

In the Vault

On the target server

A & B

Nowhere because the public key can always be generated from the private key.

Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.

In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.

Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.

Executes password changes

Maintains Vault metadata

Makes Vault data accessible to components

Sends email alerts from the Vault

PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

PSM for Windows (previously known as RDP Proxy)

PSM for SSH (previously known as PSM-SSH Proxy)

All of the above

Operating System Username

Host IP Address

Client Hostname

Operating System Type (Linux/Windows/HP-UX)

Vault IP Address

Time Frame

Safe Name

Platform ID

All required properties specified in the Platform

Username

Address

Hostname

on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

on the Vault server in the certificate store and on the PVWA server in the certificate store

Vault Users

Vault Groups

LDAP Users

LDAP Groups

Create an exception to the Master Policy to exclude the group from the workflow process.

Edith the master policy rule and modify the advanced’ Access safe without approval’ rule to include the group.

On the safe in which the account is stored grant the group the’ Access safe without audit’ authorization.

On the safe in which the account is stored grant the group the’ Access safe without confirmation’ authorization.

True

False

PrivateArk Database

PrivateArk Server

CyberArk Vault Disaster Recovery (DR) service

CyberArk Logical Container

Accounts Discovery

Detecting accounts with PTA

A Rest API integration with account provisioning software

A DNA scan

The PSM software must be instated on the target server

PSM must be enabled in the Master Policy (either directly, or through exception)

PSMConnect must be added as a local user on the target server

RDP must be enabled on the target server

Platform Management > (Platform) > UI & Workflows

Master Policy > Session Management

Master Policy > Privileged Access Workflows

Administration > Options > Connection Components

1

2

3

4

The entire vault.

Network Areas

Safes

Individual Accounts

the CA Certificate that signed the certificate used by the External Directory

a CA signed Certificate for the Vault server

a CA signed Certificate for the PVWA server

a self-signed Certificate for the Vault

the vault will not allow this situation to occur.

only those permissions that exist on the group added to the safe first.

only those permissions that exist in all groups to which the user belongs.

the cumulative permissions of all groups to which that user belongs.

Update > General tab

Update > Authorizations tab

Update > Member Of tab

Update > Group tab

Vault Replicator

PAS Reporter

Remote Control Agent

Syslog

Policies > Master Policy > Allow EPV transparent connections > Inactive

Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

Policies > Master Policy > Allow EPV transparent connections > Active

Policies > Master Policy > Password Management

Accounts that were discovered by CyberArk in the last 30 days

Accounts that were discovered by CyberArk that have not yet been onboarded

All accounts added to the vault in the last 30 days

All users added to CyberArk in the last 30 days

True; this is the default behavior

False; this is not possible

True, if the AllowFailback setting is set to “yes” in the padr.ini file

True, if the AllowFailback setting is set to “yes” in the dbparm.ini file

Platform

Connection Component

CPM

Vault