CYBERARK DEFENDER EXAM
In order to connect to a target device through PSM, the account credentials used for the
connection must be stored in the vault? - Answers -FALSE. Because the user can also
enter credentials manually using Secure Connect
Which CyberArk components or products can be used to discover Windows Services of
Scheduled Taks that use privileged accounts? - Answers -Discovery and Audit (DNA)
Auto Detection (AD)
Accounts Discovery
What conditions must be met in order to login into the vault as the Master user? -
Answers -Logon must be originated from the console of the Vault server or an
EmergencyStation defined in DBParm.ini
User must provide the correct master password.]
Logon requires the Recovery Private Key to be accessible to the vault.
When managing SSH keys, CPM automatically pushed the Public Key to the target
systems. - Answers -TRUE
Which of the following can be configured in the Master Policy? - Answers -Dual Control
Exclusive Passwords
One Time Passwords
Password Aging Rules
The primary purpose of exclusive accounts is to ensure non-repudiation (individual
accountability). - Answers -TRUE
Which of the following reports is NOT generated by using the PVWA? - Answers -Safes
List
Which user is automatically given all Safe Authorizations on all Safes? - Answers -
Master
Which Built-In group grants access to the ADMINISTRATION page? - Answers -Vault
Admins
, What is the purpose of the Immediate Interval setting in the CPM policy? - Answers -To
control how often the CPM looks for User Initiated CPM work.
Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI). -
Answers -TRUE
A Reconcile Account can be specified in the platform settings. - Answers -TRUE
PSM captures a record of each command that was issued in SQL Plus. - Answers -
TRUE
PSM captures a record of each command that was executed in Unix. - Answers -TRUE
What is the name of the Platform parameter that controls how long a password will stay
valid when One Time Passwords are enabled via the Master Policy? - Answers -
MinValidityPeriod
Users who have the "Access Safe without confirmation" permission on a safe where
accounts are configured for Dual Control, still need to request approval to use the
account. - Answers -FALSE
In Accounts Discovery, you can configured a Windows discovery to scan - Answers -
only one OU.
The Password upload utility can be used to create safes. - Answers -TRUE
When on-boarding accounts using the Accounts Feed, which of the following is true? -
Answers -You can specify the name of a new safe that will be created where the
account will be stored when it is on-boarded to the Vault.
Platform settings are applied to - Answers -Individual accounts
It is possible to disable the Show and Copy buttons without removing the Retrieve
permissions on a safe. - Answers -TRUE
The vault does not support Role Based Access Control. - Answers -FALSE
It is possible to control the hours of the day during which a safe may be used. - Answers
-TRUE
Which of the following statements are NOT true when enabling PSM recording for a
target Windows server? - Answers -The PSM software must be installed on the target
server
PSMConnect must be added as a local use on the target server.
In order to connect to a target device through PSM, the account credentials used for the
connection must be stored in the vault? - Answers -FALSE. Because the user can also
enter credentials manually using Secure Connect
Which CyberArk components or products can be used to discover Windows Services of
Scheduled Taks that use privileged accounts? - Answers -Discovery and Audit (DNA)
Auto Detection (AD)
Accounts Discovery
What conditions must be met in order to login into the vault as the Master user? -
Answers -Logon must be originated from the console of the Vault server or an
EmergencyStation defined in DBParm.ini
User must provide the correct master password.]
Logon requires the Recovery Private Key to be accessible to the vault.
When managing SSH keys, CPM automatically pushed the Public Key to the target
systems. - Answers -TRUE
Which of the following can be configured in the Master Policy? - Answers -Dual Control
Exclusive Passwords
One Time Passwords
Password Aging Rules
The primary purpose of exclusive accounts is to ensure non-repudiation (individual
accountability). - Answers -TRUE
Which of the following reports is NOT generated by using the PVWA? - Answers -Safes
List
Which user is automatically given all Safe Authorizations on all Safes? - Answers -
Master
Which Built-In group grants access to the ADMINISTRATION page? - Answers -Vault
Admins
, What is the purpose of the Immediate Interval setting in the CPM policy? - Answers -To
control how often the CPM looks for User Initiated CPM work.
Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI). -
Answers -TRUE
A Reconcile Account can be specified in the platform settings. - Answers -TRUE
PSM captures a record of each command that was issued in SQL Plus. - Answers -
TRUE
PSM captures a record of each command that was executed in Unix. - Answers -TRUE
What is the name of the Platform parameter that controls how long a password will stay
valid when One Time Passwords are enabled via the Master Policy? - Answers -
MinValidityPeriod
Users who have the "Access Safe without confirmation" permission on a safe where
accounts are configured for Dual Control, still need to request approval to use the
account. - Answers -FALSE
In Accounts Discovery, you can configured a Windows discovery to scan - Answers -
only one OU.
The Password upload utility can be used to create safes. - Answers -TRUE
When on-boarding accounts using the Accounts Feed, which of the following is true? -
Answers -You can specify the name of a new safe that will be created where the
account will be stored when it is on-boarded to the Vault.
Platform settings are applied to - Answers -Individual accounts
It is possible to disable the Show and Copy buttons without removing the Retrieve
permissions on a safe. - Answers -TRUE
The vault does not support Role Based Access Control. - Answers -FALSE
It is possible to control the hours of the day during which a safe may be used. - Answers
-TRUE
Which of the following statements are NOT true when enabling PSM recording for a
target Windows server? - Answers -The PSM software must be installed on the target
server
PSMConnect must be added as a local use on the target server.
