CyberArk Defender - PAM PAM-DEF Exam Practice Test

Page: 1 / 14
Total 239 questions
Question 1

Which user is automatically added to all Safes and cannot be removed?



Answer : C

The user that is automatically added to all Safes and cannot be removed is the Master user. The Master user is a predefined user that is created during the Vault installation and has full permissions on all Safes and accounts. The Master user is the only user that can perform certain tasks, such as creating other predefined users, managing the Vault configuration, and restoring the Vault from a backup.The Master user cannot be deleted or modified by any other user, and is always a member of every Safe12.Reference:

Predefined users and groups - CyberArk, section ''Master''

Safes and Safe members - CyberArk, section ''Safe members overview''


Question 2

In your organization the ''click to connect'' button is not active by default.

How can this feature be activated?



Answer : C

The ''click to connect'' button is a feature that allows users to connect to target systems without entering their credentials manually. It is also known as EPV transparent connections or PSM transparent connections. To activate this feature, you need to enable theAllow EPV transparent connectionsparameter in the Master Policy. This parameter determines whether users can use the ''click to connect'' button to initiate a privileged session from the PVWA. If the parameter is set to Active, the button is enabled and users can connect to target systems with one click. If the parameter is set to Inactive, the button is disabled and users need to copy the credentials and paste them in the target system login screen.Reference:Connect and configure - CyberArk,How to enable/disable Connect button in PVWA console - force.com


Question 3

VAULT authorizations may be granted to_____.



Answer : A, C

Vault Authorizations

* Can be assigned only to users (not groups).

* Cannot be inherited via group membership.

* Defined only via the Private Ark Client.

Safe Auth

* Assigned to users and/or groups.

* Can be inherited via group membership.

* Can be defined in the Private Ark Client or PVWA


Question 4

A user needs to view recorded sessions through the PVWA.

Without giving auditor access, which safes does a user need access to view PSM recordings? (Choose two.)



Answer : A, B

To view recorded sessions through the PVWA without having auditor access, a user needs access to two specific safes: theRecordings safeand thesafe the account is in. The Recordings safe is where the PSM session recordings are stored, and users need permission to access this safe to view the recordings.Additionally, users need access to the safe where the account associated with the recorded session is stored, as this is where the session details and permissions are managed12.


CyberArk Docs - Configure video and text recordings3

CyberArk Community - Viewing PSM recorded sessions1

Question 5

Vault admins must manually add the auditors' group to newly created safes so auditors will have sufficient access to run reports.



Answer : B

Vault admins do not need to manually add the auditors' group to newly created safes, because the auditors' group is automatically added to every safe in the vault by default. The auditors' group has the View Audit authorization, which allows its members to view the safe's activity and run reports. However, vault admins can remove the auditors' group from specific safes if they want to restrict the access of the auditors.Reference:Predefined users and groups - CyberArk


Question 6

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.

How do you accomplish this?



Answer : D

To disable session monitoring and recording for a large number of accounts due to storage constraints, you would navigate to the Administration section of the CyberArk Privileged Access Security (PAS) solution, specifically to the Configuration Options. From there, you would select the Privilege Session Management (PSM) options and disable the Session Monitoring and Recording policies.This action would apply the changes to the specified accounts, thus disabling the session monitoring and recording features for them1.Reference: The answer is based on general knowledge of CyberArk PAS and best practices for managing session policies within the system.For specific steps and detailed procedures, please refer to the official CyberArk Defender PAM course materials and documentation


Question 7

A recently-hired colleague onboarded five new Local Accounts that are used for five standalone Windows Servers. After attempting to connect to the servers from PVWA, the colleague noticed that the "Connect" button was greyed out for all five new accounts.

What can you do to help your colleague resolve this issue? (Choose two.)



Answer : A, B, E

Verify Server Address: Ensure that theaddress fieldis populated with the correctIP or FQDNfor each server (Option A).

Check PSM Settings: Confirm that the correctPSM connection componentis specified within theaccount platform settings(Option B).

Automatic Management: Check if the ''Disable automatic management for this account'' setting isnot enabled(Option E).

These steps should help in troubleshooting the connection issue in the CyberArk Privileged Access Management (PAM) solution.


Page:    1 / 14   
Total 239 questions