CyberArk Defender Practice

CyberArk Defender Practice Target account platforms can be restric ted to accounts that are stored in specific Safes using the AllowedSafes property. - True Which one of the following reports is NOT generated by using the PVWA? - Safes List It is impossible to override Master Policy settings for a Platform. - False You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to verify the root account's password the CPM will... - Log in first with the logon account, then run the su command to log in as root using the password in the vault. In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault? - FALSE. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect . VAULT authorizations may be granted to... - Vault Users, LDAP Users For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval. - On the safe in which the account is stored grant the group the 'Access safe without confirmation' authorization. It is impossible to override Master Policy settings for a Platform - FALSE What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy? - MinValidityPeriod When managing SSH keys, CPM automatically pushes the Private Key to all systems that use it. - FALSE PSM captures a record of each command that was i ssued in SQL Plus. - TRUE Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords. - TRUE Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual contr ol, still need to request approval to use the account. - FALSE Which of the following files must be created or configured in order to run Password Upload Utility? - Vault.ini conf.ini A comma delimited upload file CyberArk Defender Practice When on -boarding accounts using Accounts Feed, which of the following is true? - You can specify the name of a new safe that will be created where the account will be stored when it is on -boarded to the Vault. SAFE Authorizations may be granted to _________________. - Vault Users and Groups LDAP Users and Groups Platform settings are applied to... - Individual Accounts One can create exceptions to the Master Policy based on ____________. - Platforms What is the purpose of the Immediate Interval setting in a CPM policy? - To control how often the CPM looks for User Initiated CPM work. What conditions must be met in order to log into the vault as the Master user? - 1. Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini 2. Must provide c orrect master password 3. Must provide the Recovery Private Key It is possible to leverage DNA to provide discovery functions that are not available with auto-detection. - TRUE It is possible to control the hours of the day during which a safe may be us ed. - TRUE In Accounts Discovery, you can configure a Windows discovery to scan _________. - Only one OU. Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI). - TRUE Which user is automatically given all Safe authorizations on all Safes? - Master It is possible to restrict the time of day, or day of week that a verify process can occur. - True It is possible to control the hours of the day during which a user may log into the vault. - True What is the purpose of the Allowed Safes parameter in a CPM policy? - To improve performance by reducing CPM workload. To prevent accidental use of a policy in the wrong safe.