Winter Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia
  1. Home
  2. CyberArk
  3. Sentry
  4. PAM-SEN
  5. CyberArk Sentry PAM Questions and Answers

PAM-SEN Sample Questions Answers

Questions 4

Which statement is correct about CPM behavior in a distributed Vault environment?

Options:

A.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until another Vault is promoted as the new primary Vault.

B.

CPMs should access only the satellite Vaults.

C.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until the original primary Vault is operational again.

D.

CPM should access all Vaults - primary and the satellite.

Buy Now
Questions 5

Which command should be executed to harden a Vault after registering it to Azure?

Options:

A.

HardenAzureFW.ps1 Most Voted

B.

ExecuteStage ./Hardening/HardeningConf.xml

C.

HardenVaultFW.ps1

D.

ExecuteStage ./PostInstallation/PostInstallation.xml

Buy Now
Questions 6

What would be a good use case for a High Availability vault?

Options:

A.

Recovery Time Objectives or Recovery Point Objectives are at or near zero.

B.

Integration with an Enterprise Backup Solution is required.

C.

Off site replication is required

D.

PSM is used.

Buy Now
Questions 7

In an SMTP integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SMTP server address(es)

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 8

Which component must be installed before the first CPM installation?

Options:

A.

PTA

B.

PSM

C.

PVWA

D.

EPM

Buy Now
Questions 9

Which user is enabled when replicating data between active and stand-by Vaults?

Options:

A.

DR

B.

Backup

C.

Operator

D.

Auditor

Buy Now
Questions 10

A customer's environment has three data centers consisting of 5,000 servers in Germany, 10,000 servers in Canada, and 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPMs should you deploy?

Options:

A.

1

B.

3 total, 1 per data center

C.

15

D.

6 total, 2 per data center

Buy Now
Questions 11

What is the recommended method to determine if a PVWA is unavailable and should be disabled in a load balancing pool?

Options:

A.

Monitor Port 443 on the PVWA server

B.

Monitor Port 1858 on the PVWA server

C.

Ping the PVWA server

D.

Monitor Port 3389 on the PVWA server

Buy Now
Questions 12

Your customer upgraded recently to version 12.2 to allow the Linux team to use the new MFA caching feature. The PSM for SSH was installed with default configuration settings. After setting the Authentication to SSH key and enabling MFA Caching from the PVWA interface, the Linux Team cannot connect successfully using the new MFA caching feature.

What is the most probable cause?

Options:

A.

OpenSSH 7.8 or above is not installed.

B.

The MFACaching parameter in the psmpparms file is not set to True.

C.

A passphrase policy must be added.

D.

MFA caching is not supported when the PSM for SSH is deployed with default settings.

Buy Now
Questions 13

Which parameter must be provided when registering a primary Vault in Azure, but not in Amazon Web Services?

Options:

A.

/RecPub

B.

/AdminPass

C.

/MasterPass

D.

/RDPGateway

Buy Now
Questions 14

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.

Which file should you update to allow this to run?

Options:

A.

PSMConfigureAppLocker.xml

B.

PSMHardening.xml

C.

PSMAppConfig.xml

D.

PSMConfigureHardening.xml

Buy Now
Questions 15

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Options:

A.

on the Vault server in C:\Windows\System32\drivers\etc\hosts and in the PVWAApplication under Administration > LDAP Integration > Directories > Hosts

B.

on both the Vault and the PVWA servers in C:\Windows\System32\drivers\etc\hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Buy Now
Questions 16

What is the best practice for storing the Master CD?

Options:

A.

Copy the files to the Vault server and discard the CD.

B.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

C.

Store the CD in a secure location, such as a physical safe.

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder (secured with NTFS permissions} on the vault.

Buy Now
Questions 17

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:

A.

Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent. Most Voted

C.

In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.

Buy Now
Questions 18

During the PSM installation process, Safes and a User are created.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords, and Activate Users, which authorization(s) does the Vault user installing the PSM need to enable them to be successfully created?

Options:

A.

Manage Vault File Categories Most Voted

B.

Manage Server File Categories

C.

Manage Directory Mapping, Manage Server File Categories

D.

Manage Directory Mapping, Manage Vault File Categories

Buy Now
Questions 19

In which configuration file on the Vault can filters be configured to either include or exclude log messages that are sent through SNMP?

Options:

A.

PARAgent.ini

B.

DBParm.ini

C.

TSParm.ini

D.

CyberArkv2 MIB file

Buy Now
Questions 20

For redundancy, you want to add a secondary RADIUS server.

What must you do to accomplish this?

Options:

A.

Add to the application settings of the PVWA web.config file.

B.

In the PVWA vault.ini file, list each RADIUS server host address in the "Addresses" attribute separated by commas.

C.

Open the DBParm.ini on the Vault server. Add the second RADIUS server configuration settings after the first one, separated by a comma. Most Voted

D.

In the PVWA web.config file, add the location element at the end of the config file. Set the path value to "Default Web Site/PasswordVault/api/auth/pkipn/logon".

Buy Now
Questions 21

You are configuring the Vault to send syslog audit data to your organization’s SIEM solution.

What is a valid value for the SyslogServerProtocol parameter in DBPARM.INI file?

Options:

A.

TLS

B.

SSH

C.

SMTP

D.

SNMP

Buy Now
Questions 22

You want to change the name of the PVWAappuser of the second PVWA server.

Which steps are part of the process? (Choose two.)

Options:

A.

Update PVWA.ini with new user name

B.

Update Vault.ini with new user name

C.

Create new user in PrivateArk

D.

Rename user in PrivateArk

E.

Create new cred file for user

Buy Now
Questions 23

If a customer has one data center and requires fault tolerance, how many PVWAs should be deployed?

Options:

A.

two or more

B.

one PVWA cluster

C.

one

D.

two PVWA clusters

Buy Now
Questions 24

The RemoteApp feature of PSM allows seamless Application windows (i e the Desktop of the PSM server will not be visible)

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 25

A customer is moving from an on-premises to a public cloud deployment.

What is the best and most cost-effective option to secure the server key?

Options:

A.

Install the Vault in the cloud the same way you would in an on-premises environment. Place the server key in a password protected folder on the operating system.

B.

Install the Vault in the cloud the same way you would in an on-premises environment. Purchase a Hardware Security Module to secure the server key.

C.

Install the Vault using the native cloud images and secure the server key using native cloud Key Management Systems.

D.

Install the Vault using the native cloud images and secure the server key with a Hardware Security Module.

Buy Now
Questions 26

What is the purpose of the password Reconcile process?

Options:

A.

To test that CyberArk is storing accurate credentials for accounts.

B.

To change the password of an account according to organizationally defined password rules

C.

To allow CyberArk to manage unknown or lost credentials.

D.

To generate a new complex password.

Buy Now
Questions 27

In order to avoid conflicts with the hardening process, third party applications like Antivirus and Backup Agents should be installed on the Vault server before installing the Vault.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

There is a requirement for a password to change between 01:00 and 03:00 on Saturdays and Sundays; however, this does not work consistently.

Which platform setting may be the cause?

Options:

A.

The Interval setting for the platform is incorrect and must be less than 120.

B.

The ImmediateInterval setting for the platform is incorrect and must be greater than or equal to 1.

C.

The DaysToRun setting for the platform is incorrect and must be set to Sat,Sun.

D.

The HeadStartInterval setting for the platform is incorrect and must be set to 0.

Buy Now
Questions 29

The vault server uses a modified version of the Microsoft Windows firewall.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 30

Does CyberArk need service accounts on each server to change passwords?

Options:

A.

Yes. it requires a domain administrator account to change any password on any server.

B.

Yes. it requires a local administrator account on any Windows server and a root level account on any Unix server.

C.

No. passwords are changed by the Password Provider Agent.

D.

No. the CPM uses the account information stored in the vault to login and change the account's password using its own credentials

Buy Now
Questions 31

A customer asked you to help scope the company's PSM deployment.

What should be included in the scoping conversation?

Options:

A.

Recordings file path

B.

Recordings codec

C.

Recordings retention period

D.

Recordings file type

Buy Now
Questions 32

What is a requirement for setting fault tolerance for PSMs?

Options:

A.

Use a load balancer

B.

Use a backup solution

C.

CPM must be in all data centers

D.

Install the Vault in an HA cluster

Buy Now
Questions 33

What authentication methods can be implemented to enforce Two-Factor Authentication (2FA) for users authenticating to CyberArk using both the PVWA (through the browser) and the PrivateArk Client?

Options:

A.

LDAP and RADIUS Most Voted

B.

CyberArk and RADIUS

C.

SAML and Cyber Ark

D.

SAML and RADIUS

Buy Now
Questions 34

You are installing the HTML5 gateway on a Linux host using the RPM provided.

After installing the Tomcat webapp, what is the next step in the installation process?

Options:

A.

Deploy the HTML5 service (guacd). Most Voted

B.

Secure the connection between the guacd and the webapp.

C.

Secure the webapp and JWT validation endpoint.

D.

Configure ASLR.

Buy Now
Questions 35

Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation?

Options:

A.

255.255.255.255

B.

8.8.8.8

C.

192.168.1.1

D.

1.1.1.1

Buy Now
Questions 36

By default, the vault secure protocol uses which IP port and protocol.

Options:

A.

TCP/1858

B.

TCP/443

C.

UDP/1858

D.

TCP/80

Buy Now
Questions 37

To enable LDAP over SSL for a Vault when DNS lookups are blocked, which step must be completed?

Options:

A.

Add the FQDN & IP details for each LDAP host into the local hosts file of the Vault server. Most Voted

B.

Configure an AllowNonStandardFWAddresses rule in DBParm.ini on the Vault to allow outbound TCP 53 to the organization’s DNS servers.

C.

Ensure LDAP hosts added to the directory mapping configuration are defined using only IP addresses.

D.

Set the ReferralsDNSLookup parameter value to “No” in the directory configuration.

Buy Now
Questions 38

A customer has five main data centers with one PVWA in each center under different URLs.

How can you make this setup fault tolerant?

Options:

A.

This setup is already fault tolerant.

B.

Install more PVWAs in each data center.

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered.

D.

Load balance all PVWAs under same URL.

Buy Now
Questions 39

The Remote Desktop Services role must be property licensed by Microsoft.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 40

You want to add an additional maintenance user on the PSM for SSH.

How can you accomplish this if InstallCyberarkSSHD is set to Integrated?

Options:

A.

Create a local user and add it to the PSMMaintenance Group.

B.

Create a local user called proxymng.

C.

Create a local user and add it to group configured for the parameter AllowGroups in the /etc/sshd_config file

D.

Create a local user, called psmpmng.

Buy Now
Exam Code: PAM-SEN
Exam Name: CyberArk Sentry PAM
Last Update: Nov 15, 2024
Questions: 136
$64  $159.99
$48  $119.99
$40  $99.99
buy now PAM-SEN