CAU302 Exam Information and Guideline
CyberArk Defender + Sentry
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
This certification provides the practical knowledge and technical skills to maintain day-to-day operations and support the on-going performance of the CyberArk Privileged Access Security Solution
The CyberArk Defender Certification tests for the practical knowledge and technical skills to maintain day-to-day operations and to support the on-going maintenance of the CyberArk Privileged Account Security Solution. It is intended to certify an examinees competence to fill one of the following roles within a Privileged Account Security Program.
Exam : CAU302
Exam Name : CyberArk Defender + Sentry
Questions : 65
Type : multiple-choice questions
Duration : 90 minutes
Passing score : 70%
A CyberArk Certified Defender is capable of performing the following tasks:
Describing the system architecture and workflows. Successfully managing passwords (Verification, Change, and Reconciliation). Onboarding accounts using Accounts Discovery and the Password Upload Utility. Configuring sessions to be directed through a PSM. Monitoring recorded sessions. Describing how connections through a PSMP can be established. Modifying Master Policy settings. Producing reports on various system and user activities. Monitoring the CyberArk implementation. Describing and configuring the various logs that are available to troubleshoot problems. Utilizing the knowledge base and other available resources to resolve problems. Performing common administrative tasks.
The CyberArk Defender Certification tests examanees ability to form the following tasks in seven knowledge domains. Only functions of the Core PAS Solution are included.
Account Onboarding
• Perform a bulk upload of accounts using Password Upload Utility or REST
• Create an Onboarding Rule
• Onboard an account from the pending accounts list
• Setup a Unix Discovery
• Setup a Windows Discovery
• Manually onboard an account
• Onboard SSH Keys with Account Uploader
Application Management
• Describe tools that could be used to monitor CyberArk Application Health
• Use PrivateArk with Proficiency
• Describe how each component communicates with others or devices on network at a high level
• Maintain an appropriate chain of custody for Encryption Keys
Ongoing Maintenance
• Restore DR to normal operation after a failover
• Backup Vault Data with PAReplicate
• Resync a credential file by running createcredfile manually on the command line
• Identify the log files for each component
• Identify and locate component configuration files
• Assemble necessary log files for submission to a case (X-RAY)
• Ensure each component is operational
• Open a support case with appropriate description and severity
• Create or Upvote an ER
• Restore an object to the vault from a PAReplicate Backup
Password Management Configuration
• Configure a request/approval process
• Configure workflow processes to ensure non-repudiation
• Setup automatic verification, management, and reconciliation of passwords or SSH Keys
• Explain the differences between a logon versus a reconcile account
• Configure a logon account
• Configure a reconcile account
• Properly configure the “SearchForUsages” Platform parameter
• Configure workflow processes to reduce the risk of credential theft
• Configure workflow processes to comply with audit/regulatory policies
• Import a Custom Platform from the Marketplace
• Duplicate a Platform
• Manage the password of a supported usage
• Provision a Safe
• Follow a safe naming convention
• Configure Safe Retention
• Configure Management of Workstation Passwords using Loosely Connected Devices
• Add a User/Group to a safe in accordance with access control policies
• Use an OOB Platform to manage a device
Security and Audit
• Configure a Response to Unmanaged Credentials
• Describe the various PTA detections
• Configure Automatic Session Termination
• Configure a Response to Credential Theft
• Search for a recording
• Utilize safe permissions to limit the scope of reports for specific users
• Understand the purpose of EVD
• Grant appropriate permission to allow users to run reports
• Describe all reports and what information they give a user
• Review a recording
• Configure email alerts in PTA
Session Management Configuration
• Configure the Master Policy to enable the PSM
• Grant Access to view recordings
• Configure a recording safe
• Make a PSM for SSH Connection using an SSH Client
• Make a PSM Connection using the Connect Button
• Make a PSM Connection using an RDP Client
• Setup text based or video based recordings on PSM
• Configure the PSM to utilize the HTML5 Gateway
• Configure the Master Policy to enable the connect button
• Configure the Master Policy to create PSM recordings
• Configure a split workflow
• Describe connection components and what they do
User Management Configuration
• Be able to describe the difference between safe and vault level permissions without the GUI (web or PA client)
• Add an LDAP User/Group to a Local Group
• Configure additional LDAP hosts
• Validate Proper Function of Pre-Configured Directory Mappings
• Verify an LDAP Configuration is using SSL
• Add a User to a Vault Group
• Configure Safe Level Permissions on a User or Group
• Configure Vault Level Permissions on a User
• Describe the purpose of each Built-In Vault User
• Login as the Master user
• Provision an internally authenticated user in the vault
• Set/Reset a Vault Users Password