Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

PAM-CDE-RECERT CyberArk CDE Recertification Questions and Answers

Questions 4

Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Options:

A.

The Master Policy

B.

The Platform settings

C.

The Safe settings

D.

The Account Details

Buy Now
Questions 5

Which report could show all accounts that are past their expiration dates?

Options:

A.

Privileged Account Compliance Status report

B.

Activity log

C.

Privileged Account Inventory report

D.

Application Inventory report

Buy Now
Questions 6

Within the Vault each password is encrypted by:

Options:

A.

the server key

B.

the recovery public key

C.

the recovery private key

D.

its own unique key

Buy Now
Questions 7

Which certificate type do you need to configure the vault for LDAP over SSL?

Options:

A.

the CA Certificate that signed the certificate used by the External Directory

B.

a CA signed Certificate for the Vault server

C.

a CA signed Certificate for the PVWA server

D.

a self-signed Certificate for the Vault

Buy Now
Questions 8

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Buy Now
Questions 9

Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

Options:

A.

PAR Agent

B.

PrivateArk Server Central Administration

C.

Edit DBParm.ini in a text editor.

D.

Setup.exe

Buy Now
Questions 10

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Options:

A.

Suspected credential theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged privileged access

Buy Now
Questions 11

Select the best practice for storing the Master CD.

Options:

A.

Copy the files to the Vault server and discard the CD

B.

Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD

C.

Store the CD in a secure location, such as a physical safe

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault

Buy Now
Questions 12

What is a requirement for setting fault tolerance for PSMs?

Options:

A.

Use a load balancer

B.

use a backup solution

C.

CPM must be in all data centers

D.

Install the Vault in an HA Cluster

Buy Now
Questions 13

Which values are acceptable in the address field of an Account?

Options:

A.

It must be a Fully Qualified Domain Name (FQDN)

B.

It must be an IP address

C.

It must be NetBIOS name

D.

Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

Buy Now
Questions 14

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 15

What is the primary purpose of One Time Passwords?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

Buy Now
Questions 16

Match each permission to where it can be found.

Options:

Buy Now
Questions 17

What is the purpose of the PrivateArk Database service?

Options:

A.

Communicates with components

B.

Sends email alerts from the Vault

C.

Executes password changes

D.

Maintains Vault metadata

Buy Now
Questions 18

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

Options:

A.

KeyPath

B.

KeyFile

C.

ObjectName

D.

Address

Buy Now
Questions 19

Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Options:

A.

Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.

B.

Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

C.

Yes, if a logon account is associated with the root account.

D.

No, it is not possible.

Buy Now
Questions 20

Which of the following properties are mandatory when adding accounts from a file? (Choose three.)

Options:

A.

Safe Name

B.

Platform ID

C.

All required properties specified in the Platform

D.

Username

E.

Address

F.

Hostname

Buy Now
Questions 21

Which keys are required to be present in order to start the PrivateArk Server service?

Options:

A.

Recovery public key

B.

Recovery private key

C.

Server key

D.

Safe key

Buy Now
Questions 22

A company requires challenge/response multi-factor authentication for PSMP sessions. Which server must you integrate with the CyberArk vault?

Options:

A.

LDAP

B.

PKI

C.

SAML

D.

RADIUS

Buy Now
Questions 23

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

Options:

A.

Operating System Username

B.

Host IP Address

C.

Client Hostname

D.

Operating System Type (Linux/Windows/HP-UX)

E.

Vault IP Address

F.

Time Frame

Buy Now
Questions 24

You receive this error:

“Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.”

Which root cause should you investigate?

Options:

A.

The account does not have sufficient permissions to change its own password.

B.

The domain controller is unreachable.

C.

The password has been changed recently and minimum password age is preventing the change.

D.

The CPM service is disabled and will need to be restarted.

Buy Now
Questions 25

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 26

Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation.

Options:

A.

255.255.255.255

B.

8.8.8.8

C.

192.168.1.1

D.

1.1.1.1

Buy Now
Questions 27

Which of these accounts onboarding methods is considered proactive?

Options:

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Buy Now
Questions 28

Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.

Options:

Buy Now
Questions 29

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Buy Now
Questions 30

Which report provides a list of account stored in the vault.

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Entitlement Report

D.

Active Log

Buy Now
Questions 31

When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

Options:

A.

List Accounts, View Safe Members

B.

Manage Safe Owners

C.

List Accounts, Access Safe without confirmation

D.

Manage Safe, View Audit

Buy Now
Exam Code: PAM-CDE-RECERT
Exam Name: CyberArk CDE Recertification
Last Update: Nov 23, 2024
Questions: 207
PAM-CDE-RECERT pdf

PAM-CDE-RECERT PDF

$25.5  $84.99
 Add to Cart
PAM-CDE-RECERT Engine

PAM-CDE-RECERT Testing Engine

$30  $99.99
 Add to Cart
PAM-CDE-RECERT PDF + Engine

PAM-CDE-RECERT PDF + Testing Engine

$40.5  $134.99
 Add to Cart