CyberArk PAM-CDE-RECERT Exam Practice Test Instant Access

Question 1

The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys.

How are these keys managed?

ACyberArk stores Private keys in the Vault and updates Public keys on target systems.

BCyberArk stores Public keys in the Vault and updates Private keys on target systems.

CCyberArk does not store Public or Private keys and instead uses a reconcile account to create keys on demand.

DCyberArk stores both Private and Public keys and can update target systems with either key.

Answer : A

Question 2

Which of these accounts onboarding methods is considered proactive?

AAccounts Discovery

BDetecting accounts with PTA

CA Rest API integration with account provisioning software

DA DNA scan

Answer : B

Question 3

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

ATrue; this is the default behavior

BFalse, the Vault administrator must manually set the DR Vault to DR mode by setting ''FailoverMode=no'' in the padr.ini file

CTrue, if the AllowFailback setting is set to ''yes'' in the padr.ini file

DFalse, the Vault administrator must manually set the DR Vault to DR mode by setting ''FailoverMode=no'' in the dbparm.ini file

Answer : B

Question 4

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

ATRUE

BFALSE

Answer : B

Question 5

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

ARequire dual control password access Approval

BEnforce check-in/check-out exclusive access

CEnforce one-time password access

DEnforce check-in/check-out exclusive access & Enforce one-time password access

Answer : B

Question 6

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Aon the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

Bon the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

Cin the Private Ark client under Tools > Administrative Tools > Directory Mapping

Don the Vault server in the certificate store and on the PVWA server in the certificate store

Answer : C

%20user%20management%20using%20LDAP%7C_____2

Question 7

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

AUse Accounts, Retrieve Accounts, List Accounts

BUse Accounts, List Accounts

CUse Accounts

DList Accounts, Retrieve Accounts

Answer : D

CyberArk PAM-CDE-RECERT CyberArk CDE Recertification Exam Practice Test