CyberArk PAM-DEF CyberArk Defender - PAM Exam Practice Test

Page: 1 / 14
Total 239 questions
Question 1

In the Private Ark client, how do you add an LDAP group to a CyberArk group?



Answer : C

To add an LDAP group to a CyberArk group, you need to use the Private Ark client and follow these steps1:

In the Users and Groups tree, select the CyberArk group that you want to add the LDAP group to.

In the Properties pane, click Member Of.

Click Add > LDAP Group.

In the LDAP Group dialog box, enter the name of the LDAP group and click OK.Reference:Add an LDAP group to a Vault group


Question 2

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?



Answer : A

The PTA can perform automatic password change as a type of remediation in case of a suspected credential theft security event.According to the CyberArk documentation1, 'Rotate credentials - for OverPass the Hash attack and Suspected credentials theft events.'1This means that the PTA can initiate a password change request to the CPM for the affected account, which will generate a new random password and update it on the target system and the Vault. This way, the PTA can prevent the attacker from using the stolen credentials to access the target system or launch further attacks.Reference:

Configure PTA Remediations - CyberArk, section ''Remediation Initiation''


Question 3

When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by



Answer : C

When a group is granted the 'Authorize Account Requests' permission on a safe, dual control requests must be approved by the number of persons specified by the Master Policy. This means that the request will be sent to all the members of the group, but only a certain number of them need to confirm it for the request to be authorized. The Master Policy defines the number of required approvers for each level of confirmation, as well as the number of levels. For example, if the Master Policy requires two approvers at the first level and one approver at the second level, then the request will be sent to the group and two members of the group must confirm it before it is sent to the second level of confirmation, where one more approver is needed.Reference:

Request access

Safe Members

CyberArk Defender - PAM Exam Practice Test


Question 4

Before failing back to the production infrastructure after a DR exercise, what must you do to maintain audit history during the DR event?



Answer : A

Before failing back to the production infrastructure after a Disaster Recovery (DR) exercise, it is crucial to ensure that the Production Instance replicates all changes that occurred from the Disaster Recovery Instance. This includes all audit history and any other changes made during the DR event.The replication process ensures that no data is lost and that the audit history is maintained consistently across both the DR and Production environments1.


CyberArk Docs - Reports and Audits1

CyberArk Docs - Vault Audit Action Codes2

CyberArk Blog - Failover and Failback Process

Question 5

A user needs to view recorded sessions through the PVWA.

Without giving auditor access, which safes does a user need access to view PSM recordings? (Choose two.)



Answer : A, B

To view recorded sessions through the PVWA without having auditor access, a user needs access to two specific safes: theRecordings safeand thesafe the account is in. The Recordings safe is where the PSM session recordings are stored, and users need permission to access this safe to view the recordings.Additionally, users need access to the safe where the account associated with the recorded session is stored, as this is where the session details and permissions are managed12.


CyberArk Docs - Configure video and text recordings3

CyberArk Community - Viewing PSM recorded sessions1

Question 6

You have been asked to create an account group and assign three accounts which belong to a cluster. When you try to create a new group, you receive an unauthorized error; however, you are able to edit other aspects of the account properties.

Which safe permission do you need to manage account groups?



Answer : D

To manage account groups, you need the manage safe permission, which allows you to create, update, and delete account groups in a safe. The other permissions are not related to account groups. The create folders permission allows you to create folders in a safe. The specify next account content permission allows you to specify the next password or SSH key for an account. The rename accounts permission allows you to rename accounts in a safe.Reference:Manage account groups,Safe member permissions


Question 7

PSM for Windows (previously known as ''RDP Proxy'') supports connections to the following target systems



Answer : D

PSM for Windows supports connections to various types of target systems, including Windows, UNIX, Oracle, and others. PSM for Windows uses different connection components to establish and manage the sessions, depending on the type and protocol of the target system. For example, PSM-RDP is used for Windows systems, PSM-SSH and PSM-Telnet are used for UNIX systems, PSM-Toad and PSM-SQLPlus are used for Oracle databases, and so on.Reference:

PSM for Windows

Connect through Privileged Session Manager for Windows

Supported connection components


Page:    1 / 14   
Total 239 questions