CyberArk PAM-CDE-RECERT CyberArk CDE Recertification Exam Practice Test

CyberArk CDE Recertification Questions and Answers

Question 1

Which is the primary purpose of exclusive accounts?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization

Question 2

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

Options:

A.

PSM-SSH Connection Component

B.

UnixPrompts.ini

C.

UnixProcess.ini

D.

PSM-RDP Connection Component

Question 3

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

Options:

A.

True; this is the default behavior

B.

False; this is not possible

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file

D.

True, if the AllowFailback setting is set to “yes” in the dbparm.ini file

Question 4

Which item is an option for PSM recording customization?

Options:

A.

Windows events text recorder with automatic play-back

B.

Windows events text recorder and universal keystrokes recording simultaneously

C.

Universal keystrokes text recorder with windows events text recorder disabled

D.

Custom audio recording for windows events

Question 5

You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission.

Where do you update this permission for all auditors?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Vault Authorizations

B.

Private Ark Client > Tools > Administrative Tools > Users and Groups > Auditors > Authorizations tab

C.

PVWA User Provisioning > LDAP integration > Vault Auditors Mapping > Vault Authorizations

D.

PVWA > Administration > Configuration Options > LDAP integration > Vault Auditors Mapping > Vault Authorizations

Question 6

The System safe allows access to the Vault configuration files.

Options:

A.

TRUE

B.

FALSE

Question 7

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

Options:

A.

List Accounts, Use Accounts

B.

List Accounts, Use Accounts, Retrieve Accounts

C.

Use Accounts

D.

List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation

Question 8

What is the chief benefit of PSM?

Options:

A.

Privileged session isolation

B.

Automatic password management

C.

Privileged session recording

D.

‘Privileged session isolation’ and ‘Privileged session recording’

Question 9

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

Options:

A.

True

B.

False

Question 10

When managing SSH keys, the CPM stores the Public Key

Options:

A.

In the Vault

B.

On the target server

C.

A & B

D.

Nowhere because the public key can always be generated from the private key.

Question 11

What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?

Options:

A.

UnixPrompts.ini

B.

plink.exe

C.

dbparm.ini

D.

PVConfig.xml

Question 12

What is a requirement for setting fault tolerance for PSMs?

Options:

A.

Use a load balancer

B.

Use a backup solution

C.

CPM must be in all data centers

D.

Install the Vault in an HA Cluster

Question 13

What is the purpose of the password change process?

Options:

A.

To test that CyberArk is storing accurate credentials for accounts

B.

To change the password of an account according to organizationally defined password rules

C.

To allow CyberArk to manage unknown or lost credentials

D.

To generate a new complex password

Question 14

Which command configures email alerts within PTA if settings need to be changed post install?

Options:

A.

/opt/tomcat/utility/emailConfiguration.sh

B.

/opt/PTA/emailConfiguration.sh

C.

/opt/PTA/utility/emailConfig.sh

D.

/opt/tomcat/utility/emailSetup.sh

Question 15

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Options:

A.

on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

B.

on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Question 16

Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

Options:

A.

They are added to the Pending Accounts list and can be reviewed and manually uploaded.

B.

They cannot be onboarded to the Password Vault.

C.

They must be uploaded using third party tools.

D.

They are not part of the Discovery Process.

Question 17

You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.

What do you need to recover and decrypt the object? (Choose three.)

Options:

A.

Recovery Private Key

B.

Recover.exe

C.

Vault data

D.

Recovery Public Key

E.

Server Key

F.

Master Password

Question 18

You have been asked to limit a platform called "Windows_Servers" to safes called "WindowsDC1" and "WindowsDC2". The platform must not be assigned to any other safe. What is the correct way to accomplish this?

Options:

A.

Edit the "Windows_Servers" platform, expand "Automatic Password Management", then select General and modify "AllowedSafes" to be (WindowsDC1)|(WindowsDC2).

B.

Edit the "Windows_Servers" platform, expand "Automatic Password Management", then select Options and modify "AllowedSafes" to be (Win")

C.

Edit the "WindowsDC1" and "WindowsDC2" safes through Safe Management. Add "Windows_Servers" to the "AllowedPlatforms".

D.

Log in to PrivateArk using an Administrative user. Select File > Server File Categories. Locate the category "WindowsServersAllowedSafes" and specify "WindowsDC1 WindowsDC2".

Question 19

You have been asked to configure SNMP remote monitoring for your organization's Vault servers. In the PARAgent.ini, which parameter specifies the destination of the Vault SNMP Traps?

Options:

A.

SNMPHostIP

B.

SNMPTrapPort

C.

SNMPCommunity

D.

SNMP Version

Question 20

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Question 21

What is the purpose of the PrivateArk Server service?

Options:

A.

Executes password changes

B.

Maintains Vault metadata

C.

Makes Vault data accessible to components

D.

Sends email alerts from the Vault

Question 22

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

Options:

A.

True

B.

False, the PTA can suspend sessions whether the session is made via the PSM or not

Question 23

It is possible to restrict the time of day, or day of week, that a reconcile process can occur.

Options:

A.

TRUE

B.

FALSE

Question 24

PSM captures a record of each command that was executed in Unix.

Options:

A.

TRUE

B.

FALSE

Question 25

Which report could show all accounts that are past their expiration dates?

Options:

A.

Privileged Account Compliance Status report

B.

Activity log

C.

Privileged Account Inventory report

D.

Application Inventory report

Question 26

Secure Connect provides the following. Choose all that apply.

Options:

A.

PSM connections to target devices that are not managed by CyberArk.

B.

Session Recording

C.

Real-time live session monitoring.

D.

PSM connections from a terminal without the need to login to the PVWA

Question 27

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Activity Log

D.

Privileged Accounts CPM Status

Question 28

Which of the following PTA detections are included in the Core PAS offering?

Options:

A.

Suspected Credential Theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged Privileged Access

Question 29

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Question 30

What is the easiest way to duplicate an existing platform?

Options:

A.

From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.

B.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

C.

From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.

D.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.

Question 31

You are installing PSM for SSH with AD-Bridge in CyberArkSSHD mode for your customer, ACME Corp. What do you need to install to meet your customer's needs? (Choose 2)

Options:

A.

libssh

B.

CARKpsmp-infra

C.

CARKpsmp

D.

CARKpsmp-AD Bridge

Question 32

Which of the following properties are mandatory when adding accounts from a file? (Choose three.)

Options:

A.

Safe Name

B.

Platform ID

C.

All required properties specified in the Platform

D.

Username

E.

Address

F.

Hostname

Question 33

You are creating a new Rest API user that utilizes CyberArk Authentication.

What is a correct process to provision this user?

Options:

A.

Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

B.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add

C.

PVWA > User Provisioning > LDAP Integration > Add Mapping

D.

PVWA > User Provisioning > Users and Groups > New > User

Question 34

SAFE Authorizations may be granted to____________.

Select all that apply.

Options:

A.

Vault Users

B.

Vault Group

C.

LDAP Users

D.

LDAP Groups

Question 35

In accordance with best practice, SSH access is denied for root accounts on UNIX/Linux systems. What is the BEST way to allow CPM to manage root accounts?

Options:

A.

Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server’s root account.

B.

Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server’s root account.

C.

Configure the Unix system to allow SSH logins.

D.

Configure the CPM to allow SSH logins.

Question 36

Which report provides a list of accounts stored in the Vault?

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Entitlement Report

D.

Active Log

Question 37

Match each permission to where it can be found.

Options:

Question 38

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

Options:

A.

Platform

B.

Connection Component

C.

CPM

D.

Vault

Question 39

Match each PTA alert category with the PTA sensors that collect the data for it.

Options:

Question 40

What is the purpose of the Immediate Interval setting in a CPM policy?

Options:

A.

To control how often the CPM looks for System Initiated CPM work.

B.

To control how often the CPM looks for User Initiated CPM work.

C.

To control how often the CPM rests between password changes.

D.

To control the maximum amount of time the CPM will wait for a password change to complete.

Question 41

You are helping a customer prepare a Windows server for PSM installation. What is required for a successful installation?

Options:

A.

Windows 2012 KB4558843

B.

Remote Desktop services (RDS) Session Host Roles

C.

Windows 2016 KB4558843

D.

Remote Desktop services (RDS) Session Broker

Question 42

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Options:

A.

Require dual control password access Approval

B.

Enforce check-in/check-out exclusive access

C.

Enforce one-time password access

D.

Enforce check-in/check-out exclusive access & Enforce one-time password access

Question 43

VAULT authorizations may be granted to_____.

Options:

A.

Vault Users

B.

Vault Groups

C.

LDAP Users

D.

LDAP Groups

Question 44

Which of the following options is not set in the Master Policy?

Options:

A.

Password Expiration Time

B.

Enabling and Disabling of the Connection Through the PSM

C.

Password Complexity

D.

The use of “One-Time-Passwords”

Question 45

Which components can connect to a satellite Vault in distributed Vault architecture?

Options:

A.

CPM, EPM, PTA

B.

PVWA, PSM

C.

CPM, PVWA, PSM

D.

CPM, PSM

Question 46

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Options:

A.

True; this is the default behavior

B.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file

D.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file

Question 47

Which of these accounts onboarding methods is considered proactive?

Options:

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Question 48

Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Options:

A.

TRUE

B.

FALSE

Question 49

Which utilities could you use to change debugging levels on the Vault without having to restart the Vault? Select all that apply.

Options:

A.

PAR Agent

B.

PrivateArk Server Central Administration

C.

Edit DBParm.ini in a text editor.

D.

Setup.exe

Question 50

Which components support fault tolerance?

Options:

A.

CPM and PVWA

B.

PVWA and PSM

C.

PSM and PTA

D.

CPM and PTA

Question 51

A customer installed multiple PVWAs in the production environment behind a load balancer VIP. They subsequently observed that all incoming traffic from the load balancer VIP goes to only one PVWA, even though all the PVWAs are up and running. What could be the likely cause of this situation?

Options:

A.

The load balancing algorithm is the least connections algorithm.

B.

The Certificate of the load balancer is not a wild card cert

C.

The load balancing pool only has one PVWA server

D.

SSL passthrough is not configured on the load balancer.

Question 52

Which browser is supported for PSM Web Connectors developed using the CyberArk Plugin Generator Utility (PGU)?

Options:

A.

Internet Explorer

B.

Google Chrome

C.

Microsoft Edge

D.

Firefox

Question 53

Which one of the following reports is NOT generated by using the PVWA?

Options:

A.

Accounts Inventory

B.

Application Inventory

C.

Safes List

D.

Compliance Status

Question 54

The vault supports Subnet Based Access Control.

Options:

A.

TRUE

B.

FALSE

Question 55

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

Options:

A.

Select Update on the CyberArk group, and then click Add > LDAP Group

B.

Select Update on the LDAP Group, and then click Add > LDAP Group

C.

Select Member Of on the CyberArk group, and then click Add > LDAP Group

D.

Select Member Of on the LDAP group, and then click Add > LDAP Group

Question 56

Match each key to its recommended storage location.

Options:

Question 57

It is possible to control the hours of the day during which a user may log into the vault.

Options:

A.

TRUE

B.

FALSE

Question 58

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Options:

A.

True

B.

False

Question 59

Match the connection component to the corresponding OS/Function.

Options:

Question 60

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

Options:

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Question 61

For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

Options:

Question 62

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Options:

A.

True

B.

False, a user can submit the request after the connection has already been initiated via the PSM for Windows

Question 63

What is the purpose of the CyberArk Event Notification Engine service?

Options:

A.

It sends email messages from the Central Policy Manager (CPM)

B.

It sends email messages from the Vault

C.

It processes audit report messages

D.

It makes Vault data available to components

Question 64

In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.

What is the least intrusive way to accomplish this?

Options:

A.

Use the “change” button on the usage’s details page.

B.

Use the “change” button on the parent account’s details page.

C.

Use the “sync” button on the usage’s details page.

D.

Use the “reconcile” button on the parent account’s details page.

Question 65

Which report shows the accounts that are accessible to each user?

Options:

A.

Activity report

B.

Entitlement report

C.

Privileged Accounts Compliance Status report

D.

Applications Inventory report

Question 66

Which configuration file and Vault utility are used to migrate the server key to an HSM?

Options:

A.

DBparm.ini and CAVaultManager exe

B.

VaultKeys.ini and CAVaultManager exe

C.

DBparm.ini and ChangeServerKeys exe

D.

VaultKeys.ini and ChangeServerKeys exe