ANSWERS GRADED A+
✔✔Platform Settings are applied to __________? - ✔✔Individual Accounts
✔✔What are the secure options for storing the contents of the operator CD, while still
being able to allows the contents of the Vault during a planned restart? - ✔✔- Store the
CD in a physical safe and mount the CD every time maintenance is performed
- Copy the contents of the CD to a folder on the Vault server and secure it with NTFS
permissions
- Store the server key in a HSM
✔✔Can two vaults be load balanced with external load balancer? - ✔✔No
✔✔What file do you figure to set the Radius server? - ✔✔DBParm.ini
✔✔Where would you install the Password Upload Utility in your environment? - ✔✔The
utility does not require installation
✔✔What status and privileges must the CPM have for all safes? - ✔✔Must be an owner
with:
- Monitor
- Retrieve
- Store
- Delete
✔✔Access control is done by? - ✔✔Safes
✔✔Vault Server/CyberArk allows integration of only SYSLog or SIEM? - ✔✔False
✔✔Once the Vault is hardened, how do you add a non-standard firewall rule? - ✔✔Edit
the DParm.ini file
✔✔The Master User has full __________ and __________ authorizations. Can these
be removed by the Administrator? - ✔✔Safe and Vault, No authorization cannot be
removed
✔✔The DR module allows an Integration with Enterprise Backup Software. - ✔✔False
✔✔Who/What has access to a newly created safe? - ✔✔The associated CPM and the
creator of the safe.
✔✔By running deep packet inspection, what type of Kerberos attacks can the PTA
detect in real time? - ✔✔- Pass the Hash
,- PAC Attack
- Golden Ticket
- DC Sync
✔✔Older sessions are analyzed in PTA and trigger security incidents. - ✔✔False, only
current PSM sessions are analyzed by the PTA
✔✔File used to configure the physical disks used to store Vault Data. - ✔✔TSParm.ini
✔✔User configuration is available in the PVWA. - ✔✔False
✔✔Designed to provide a native Unix/Linux user experience, connecting to any SSH
Target System - ✔✔PSM for SSH (PSM SSH Proxy)
✔✔Detecting Kerberos attacks are included in the Core PAS Solution - ✔✔False
✔✔Report that shows CPM status for each account. - ✔✔Privileged Accounts
Compliance Status Report
✔✔Kerberos attacks are included in the Core PAS solution. - ✔✔False
✔✔What are the three primary goals of the PSM? - ✔✔Isolate, Control, and Monitor
✔✔Basic PSM file that contains the information required to start the PSM. -
✔✔Basic_psm.ini
✔✔Name two ways of viewing the ITALog - ✔✔- Log onto the Vault, navigate to server
folder under the PrivateArk Install location
- Access the system safe from the PrivateArk client
✔✔What does CyberArk use to manage access control? - ✔✔Safes
✔✔The account credentials used for connection with the PSM, must be stored in the
Vault. - ✔✔False, the user can also enter the credentials manually via SecureConnect
✔✔What would be a good use case for the Disaster Recovery module? - ✔✔Off site,
replication is required
✔✔__________ Report shows all the audit information in the Vault. - ✔✔Activity Log
Report
✔✔Which file would you modify to configure your vault server to forward activity logs to
a SIEM or SYSLog Server? - ✔✔DBParm.ini
, ✔✔How does the PTA sort PSM recordings? - ✔✔Based on risk score.
✔✔By default, the PSM records all activities that take place during privileged sessions
and provides audits for the following events:
1.
2.
3.
4. - ✔✔1. SQL Commands
2. SSH Keystrokes
3. Windows Titles
4. Universal Keystrokes
✔✔Which PSM connection allows you to connect with accounts that are not stored in
CyberArk Vault or managed by the CPM? - ✔✔Ad-Hoc Connection/Secure Connect
✔✔Name the two types of Operational reports. - ✔✔Privileged Accounts Inventory and
Application Inventory
✔✔Name the five reports that can be generated in the PVWA. - ✔✔1. Privileged
Accounts Inventory
2. Application Inventory for AIM
3. Privileged Accounts Compliance Status
4. Entitlement Report
5. Activity Log
✔✔If you run a Privileged Accounts Inventory report but do not have the "view safe
members" permission, what happens? - ✔✔You will only be able to view complete
information about your own activities
✔✔In Discovery, what must occur before an account loses privileged status? - ✔✔It is
removed from all machines it was discovered on
✔✔PTA Upgrade Log Name - ✔✔Log_upgrade.log
✔✔What permissions are required for the Activity Log Report? - ✔✔Audit Users and
View Audit
✔✔Permissions required to run the Activity Log Report. - ✔✔User related activities:
Audit users
Safe/Account related activities: View audit
✔✔Explain object level access control? - ✔✔Access control is individualized based on
objects in safe rather than by safe