Target account platforms can be restricted to accounts that are stored in specific Safes using the Allowed Safes property. - ANSWER True
Which one of the following reports is NOT generated by using the PVWA? - ANSWER Safes List
It is impossible to override Master Policy settings for a Platform. - ANSWER False
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to verify the root account's password the CPM will... - ANSWER Log in first with the logon account, then run the su command to log in as root using the password in the vault.
In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault? - ANSWER FALSE. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect.
VAULT authorizations may be granted to... - ANSWER Vault Users, LDAP Users
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval? - ANSWER On the safe in which the account is stored grant the group the 'Access safe without confirmation' authorization.
It is impossible to override Master Policy settings for a Platform. - ANSWER FALSE
What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy? - ANSWER MinValidityPeriod
When managing SSH keys, CPM automatically pushes the Private Key to all systems that use it. - ANSWER FALSE
PSM captures a record of each command that was issued in SQL Plus. - ANSWER TRUE
Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords. - ANSWER TRUE
Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account. - ANSWER FALSE
Which of the following files must be created or configured in order to run Password Upload Utility? - ANSWER Vault.ini
conf.ini
A comma delimited upload file
When on-boarding accounts using Accounts Feed, which of the following is true? - ANSWER You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault.
SAFE Authorizations may be granted to _________________. - ANSWER Vault Users and Groups
LDAP Users and Groups
Platform settings are applied to... - ANSWER Individual Accounts
One can create exceptions to the Master Policy based on ____________. - ANSWER Platforms
What is the purpose of the Immediate Interval setting in a CPM policy? - ANSWER To control how often the CPM looks for User Initiated CPM work.
What conditions must be met in order to log into the vault as the Master user? - ANSWER 1. Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini
2. Must provide correct master password
3. Must provide the Recovery Private Key
It is possible to leverage DNA to provide discovery functions that are not available with auto-detection. - ANSWER TRUE
It is possible to control the hours of the day during which a safe may be used. - ANSWER TRUE
In Accounts Discovery, you can configure a Windows discovery to scan _________. - ANSWER Only one OU.
Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI). - ANSWER TRUE
Which user is automatically given all Safe authorizations on all Safes? - ANSWER Master
It is possible to restrict the time of day, or day of week that a verify process can occur. - ANSWER True
It is possible to control the hours of the day during which a user may log into the vault. - ANSWER True
What is the purpose of the Allowed Safes parameter in a CPM policy? - ANSWER To improve performance by reducing CPM workload.
To prevent accidental use of a policy in the wrong safe.
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
What permissions are granted to the OperationsStaff? - ANSWER Use
List
Retrieve
Auto-Detection can be configured to leverage LDAP/S. - ANSWER TRUE
As long as you are a member of the Vault Admins group you can grant any permission on any safe. - ANSWER FALSE
Which of the following can be configured in the Master Policy? - ANSWER Dual Control
Exclusive Passwords
One Time Passwords
Password Aging Rules
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted __________________. - ANSWER the cumulative permissions of all the groups to which that user belongs.
One time passwords reduce the risk of Pass the Hash vulnerabilities in Windows. - ANSWER TRUE
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to UnixAdmins? - ANSWER Use
List
Retrieve
Access Safe without Authorization
It is possible to restrict the time of day, or day of week that a change process can occur. - ANSWER TRUE
It is possible to restrict the time of day, or day of week that a reconcile process can occur. - ANSWER TRUE
A Logon Account can be specified in the Master Policy. - ANSWER FALSE
The System safe allows access to the Vault configuration files. - ANSWER TRUE
Which utilities could you use to change debugging levels on the vault without having to restart the vault? - ANSWER PAR Agent
PrivateArk Server Central Administration
The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability). - ANSWER TRUE
Reports can be scheduled to run on a periodic basis. - ANSWER TRUE
What is the maximum number of levels of authorizations you can set up in Dual Control? - ANSWER 2
When managing SSH keys, CPM automatically pushes the Public Key to the target system. - ANSWER TRUE
The Password upload utility can be used to create safes. - ANSWER TRUE
Which report could show all audit data in the vault? - ANSWER Activity Log
In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault? - ANSWER FALSE. Because the user can also enter credentials manually using Secure Connect.
Which Built-In group grants access to the ADMINISTRATION page? - ANSWER Vault Admins
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically? - ANSWER Associate a reconcile account and configure the platform to reconcile automatically.
It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe. - ANSWER TRUE
The vault does not support Role Based Access Control. - ANSWER FALSE
Which of the following statements are NOT true when enabling PSM recording for a target Windows server? - ANSWER The PSM software must be installed on the target server.
PSMConnect must be added as a local user on the target server.
A Reconcile Account can be specified in the platform settings. - ANSWER TRUE