PAM-DEF Dumps PAM-DEF Braindumps

PAM-DEF Real Questions PAM-DEF Practice Test PAM-DEF Actual Questions


CyberArk


PAM-DEF


CyberArk Defender


https://killexams.com/pass4sure/exam-detail/PAM-DEF


Question: 49


It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

  1. TRUE

  2. FALSE


Answer: A Explanation:

Password verification can be restricted to specific days. This means that the CPM will only verify passwords on the days of the week specified in the VFExecutionDays parameter. The days of the week are represented by the first 3 letters of the name of the day. Sunday is represented by Sun, Monday by Mon, etc.


Question: 50


A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

  1. True

  2. False


Answer: B


Question: 51


What is the purpose of the PrivateArk Server service?

  1. Executes password changes

  2. Maintains Vault metadata

  3. Makes Vault data accessible to components

  4. Sends email alerts from the Vault

Answer: C


Question: 52


A user with administrative privileges to the vault can only grant other users privileges that he himself has.

  1. TRUE

  2. FALSE


Answer: B


Question: 53


Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

  1. HeadStartInterval

  2. Interval

  3. ImmediateInterval

  4. The CPM does not change the password under this circumstance


Answer: C


Question: 54


In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.


What is the least intrusive way to accomplish this?

  1. Use the “change” button on the usage’s details page.

  2. Use the “change” button on the parent account’s details page.

  3. Use the “sync” button on the usage’s details page.

  4. Use the “reconcile” button on the parent account’s details page.


Answer: B


Question: 55


Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

  1. PAR Agent

  2. PrivateArk Server Central Administration

  3. Edit DBParm.ini in a text editor.

  4. Setup.exe


Answer: A,B Explanation:

PAR-Private Ark Remote Control Agent allows you to perform several Vault admin tasks (without restarting the Vault) and view machine statistics.


Question: 56


You receive this error: “Error in changepass to user domainuser on domain server(domain. (winRc=5) Access is denied.”


Which root cause should you investigate?

  1. The account does not have sufficient permissions to change its own password.

  2. The domain controller is unreachable.

  3. The password has been changed recently and minimum password age is preventing the change.

  4. The CPM service is disabled and will need to be restarted.


Answer: A Explanation:

Reference: https://cyberark-customers.force.com/s/article/CPM-can-login-and-verify-a-password-but-can-t-change- the-password-winRc-5-Access-is-denied


Question: 57


Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

  1. Require dual control password access Approval

  2. Enforce check-in/check-out exclusive access

  3. Enforce one-time password access

  4. Enforce check-in/check-out exclusive access & Enforce one-time password access


Answer: B


Question: 58


Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

  1. PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)

  2. PSM for Windows (previously known as RDP Proxy)

  3. PSM for SSH (previously known as PSM SSH Proxy)

  4. All of the above


Answer: A


Question: 59

You are creating a Dual Control workflow for a team’s safe. Which safe permissions must you grant to the Approvers group?

  1. List accounts, Authorize account request

  2. Retrieve accounts, Access Safe without confirmation

  3. Retrieve accounts, Authorize account request

  4. List accounts, Unlock accounts


Answer: A Explanation:

Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/PVWA-Dual- Control.htm (expand all and search for retrieve accounts)


Question: 60

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account’s password the Central Policy Manager (CPM) will:

  1. ignore the logon account and attempt to log in as root

  2. prompt the end user with a dialog box asking for the login account to use

  3. log in first with the logon account, then run the SU command to log in as root using the password in the Vault

  4. none of these


Answer: B