PAM-DEF Online Practice Questions and Answers

DRAG DROP

Match the built-in Vault User with the correct definition.

Select and Place:

When creating an onboarding rule, it will be executed upon .

A. All accounts in the pending accounts list

B. Any future accounts discovered by a discovery process

C. Both "All accounts in the pending accounts list" and "Any future accounts discovered by a discovery process"

The System safe allows access to the Vault configuration files.

A. TRUE

B. FALS

What is the purpose of a linked account?

A. To ensure that a particular collection of accounts all have the same password.

B. To ensure a particular set of accounts all change at the same time.

C. To connect the CPNI to a target system.

D. To allow more than one account to work together as part of a password management process.

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

A. TRUE

B. FALSE

To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit D. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

What is the maximum number of levels of authorization you can set up in Dual Control?

A. 1

B. 2

C. 3

D. 4

One can create exceptions to the Master Policy based on ____________________.

A. Safes

B. Platforms

C. Policies

D. Accounts

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

A. True

B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

A. Operating System Username

B. Host IP Address

C. Client Hostname

D. Operating System Type (Linux/Windows/HP-UX)

E. Vault IP Address

F. Time Frame

Which report provides a list of account stored in the vault.

A. Privileged Accounts Inventory

B. Privileged Accounts Compliance Status

C. Entitlement Report

D. Active Log

What is the purpose of the HeadStartlnterval setting m a platform?

A. It determines how far in advance audit data is collected tor reports

B. It instructs the CPM to initiate the password change process X number of days before expiration.

C. It instructs the AIM Provider to `skip the cache' during the defined time period

D. It alerts users of upcoming password changes x number of days before expiration.

It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

A. TRUE

B. FALS

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

A. True

B. False, the PTA can suspend sessions whether the session is made via the PSM or not

You want to generate a license capacity report. Which tool accomplishes this?

A. Password Vault Web Access

B. PrivateArk Client

C. DiagnoseDB Report

D. RestAPI