CYBERARK DEFENDER EXAM
In order to connect to a target device through PSM, the account credentials
used for the connection must be stored in the vault? - answer-FALSE.
Because the user can also enter credentials manually using Secure Connect
Which CyberArk components or products can be used to discover Windows
Services of Scheduled Taks that use privileged accounts? - answer-Discovery
and Audit (DNA)
Auto Detection (AD)
Accounts Discovery
What conditions must be met in order to login into the vault as the Master
user? - answer-Logon must be originated from the console of the Vault server
or an EmergencyStation defined in DBParm.ini
User must provide the correct master password.]
Logon requires the Recovery Private Key to be accessible to the vault.
When managing SSH keys, CPM automatically pushed the Public Key to the
target systems. - answer-TRUE
Which of the following can be configured in the Master Policy? - answer-Dual
Control
Exclusive Passwords
One Time Passwords
Password Aging Rules
The primary purpose of exclusive accounts is to ensure non-repudiation
(individual accountability). - answer-TRUE
If a user is a member of more than one group that has authorizations on a
safe, by default that user is granted - answer-the cumulative permissions of
all the groups to which that user belongs
It is possible to restrict the time of day, or day of week that a change process
can occur. - answer-TRUE
The System safe allows access to the Vault configuration files - answer-TRUE
, One can create exceptions to the Master Policy based on - answer-Platforms
It is possible to restrict the time of day, or day of week that a verify process
can occur. - answer-TRUE
Which report could show all audit data in the vault? - answer-Activity log
All of your Unix root passwords are stored in the safe UnixRoot. Dual control
is enabled for some of the accounts in that safe. The members of the AD
group UnixAdmins need to be able to use the show, copy and connect
buttons on those passwords at any time without confirmation. The members
of the AD group OperationsStaff need to be able to use the show, copy and
connect buttons on those passwords on an emergency basis, but only with
the approval of a member of the Operations Managers. lThe members of the
OperationsManagers never need to be able to use the show, copy or connect
buttons themselves.
Which safe permissions do you need to grant to the UnixAdmins? - answer-
Use Accounts
List Accounts
Retrieve Accounts
Access Safe without Authorization
Auto-Detection can be configured to leverage LDAP/S. - answer-TRUE
Which utilities could you use to change the debugging levels on the vault
without having to restart the vault. - answer-PAR Agent
PrivateArk Server Central Administration
One tiem passwords reduce the risk of the Pass the Hash vulnerabilities in
Windows. - answer-TRUE
Ad-Hoc access (formerly Secure Connect) provides the following features -
answer-PSM connections to target devices that are not managed by
CyberArk
Session Recording
Real-time live session monitoring
In order to connect to a target device through PSM, the account credentials
used for the connection must be stored in the vault? - answer-FALSE.
Because the user can also enter credentials manually using Secure Connect
Which CyberArk components or products can be used to discover Windows
Services of Scheduled Taks that use privileged accounts? - answer-Discovery
and Audit (DNA)
Auto Detection (AD)
Accounts Discovery
What conditions must be met in order to login into the vault as the Master
user? - answer-Logon must be originated from the console of the Vault server
or an EmergencyStation defined in DBParm.ini
User must provide the correct master password.]
Logon requires the Recovery Private Key to be accessible to the vault.
When managing SSH keys, CPM automatically pushed the Public Key to the
target systems. - answer-TRUE
Which of the following can be configured in the Master Policy? - answer-Dual
Control
Exclusive Passwords
One Time Passwords
Password Aging Rules
The primary purpose of exclusive accounts is to ensure non-repudiation
(individual accountability). - answer-TRUE
If a user is a member of more than one group that has authorizations on a
safe, by default that user is granted - answer-the cumulative permissions of
all the groups to which that user belongs
It is possible to restrict the time of day, or day of week that a change process
can occur. - answer-TRUE
The System safe allows access to the Vault configuration files - answer-TRUE
, One can create exceptions to the Master Policy based on - answer-Platforms
It is possible to restrict the time of day, or day of week that a verify process
can occur. - answer-TRUE
Which report could show all audit data in the vault? - answer-Activity log
All of your Unix root passwords are stored in the safe UnixRoot. Dual control
is enabled for some of the accounts in that safe. The members of the AD
group UnixAdmins need to be able to use the show, copy and connect
buttons on those passwords at any time without confirmation. The members
of the AD group OperationsStaff need to be able to use the show, copy and
connect buttons on those passwords on an emergency basis, but only with
the approval of a member of the Operations Managers. lThe members of the
OperationsManagers never need to be able to use the show, copy or connect
buttons themselves.
Which safe permissions do you need to grant to the UnixAdmins? - answer-
Use Accounts
List Accounts
Retrieve Accounts
Access Safe without Authorization
Auto-Detection can be configured to leverage LDAP/S. - answer-TRUE
Which utilities could you use to change the debugging levels on the vault
without having to restart the vault. - answer-PAR Agent
PrivateArk Server Central Administration
One tiem passwords reduce the risk of the Pass the Hash vulnerabilities in
Windows. - answer-TRUE
Ad-Hoc access (formerly Secure Connect) provides the following features -
answer-PSM connections to target devices that are not managed by
CyberArk
Session Recording
Real-time live session monitoring
