CyberArk Defender - PAM PAM-DEF Exam Questions

Page: 1 / 14
Total 239 questions
Question 1

In addition to add accounts and update account contents, which additional permission on the safe is required to add a single account?



Answer : C

In addition to the permissions to add accounts and update account contents, the permission to Update Account Properties is required to add a single account to a safe in CyberArk. This permission allows the user to modify the properties of an account, which is a necessary step when adding a new account to ensure that all relevant details and configurations are correctly set [1].

Reference: The information provided is based on general knowledge of CyberArk PAM best practices and the permissions required for account management as outlined in CyberArk's official documentation.


Question 2

The Password upload utility can be used to create safes.



Answer : A

The Password Upload utility can be used to create safes, as well as password objects, folders, and platforms. The Password Upload utility works with the CyberArk Password Vault to create password objects from a passwords list and store them in the Vault. This enables you to upload large numbers of passwords automatically and makes the Vault implementation process quicker and more automatic. The Password Upload utility initiates the Vault environment required to store passwords in the safe and start working with them. This includes creating new safes, adding the CPM user as a safe owner, and sharing the safe with the Password Vault Web Access [1].

Reference:

1: Password Upload Utility


Question 3

Within the Vault each password is encrypted by:



Answer : D

According to the web search results, within the Vault each password is encrypted by its own unique key. This key is generated by the Vault when the password is added to the Vault and is stored in the Vault's database. The password key is encrypted by the safe key, which is the key of the safe that contains the password. The safe key is encrypted by the server key, which is the key that opens the Vault. The server key is encrypted by the public recovery key, which is part of the asymmetric recovery key that enables the Master User to log on to the Vault in case of a disaster. This layered encryption scheme ensures that each password is protected by multiple keys and that no single key can compromise the security of the Vault.


Question 4

An auditor initiates a live monitoring session to the PSM server to view an ongoing live session. When the auditor's machine makes an RDP connection to the PSM server, which user will be used?



Answer : A

According to the web search results, when an auditor initiates a live monitoring session to PSM server to view an ongoing live session, the auditor's machine makes an RDP connection to the PSM server using the PSMAdminConnect user. The PSMAdminConnect user is a local or domain user that starts PSM sessions on the PSM machine for authorized users who want to monitor or terminate active sessions [1]. The PSMAdminConnect user has limited permissions and access rights on the PSM server, and its credentials are managed by the CPM. The PSMAdminConnect user retrieves the credentials of the target account from the vault and uses them to establish a secure connection to the target machine. The auditor can then view the live session through the PSM session, while the PSM server records and audits the session activity.


Question 5

When on-boarding accounts using Accounts Feed, which of the following is true?



Answer : B

When on-boarding accounts using Accounts Feed, you can either select an existing safe or create a new one to store the accounts. You can also specify the platform, policy, and owner for each account. However, you cannot create a new platform using Accounts Feed, and not all platforms support automatic reconciliation.

Reference:

Accounts Feed - CyberArk

CyberArk University

[Defender-PAM Sample Items Study Guide]


Question 6

Which of the following logs contains information about errors related to PTA?



Answer : B

According to the web search results, the diamond.log is the main log file that records the PTA system activities, such as receiving and processing events, generating alerts, and sending notifications [1]. The diamond.log also contains information about errors related to PTA, such as connection failures, configuration issues, parsing problems, or internal exceptions [2]. The diamond.log can be found in the /opt/tomcat/logs directory on the PTA machine [1]. The debug level of the diamond.log can be changed using the changeLogLevel.sh utility or manually editing the log4j.properties file [1]. The diamond.log can be used for troubleshooting PTA issues and viewing statistics.


Question 7

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?



Answer : B

The Use Accounts permission enables Safe members to log in to a remote machine through a PSM connection from the Accounts List or the Account Details page. The List Accounts permission enables Safe members to view the Accounts list. However, to show or copy the password, the Safe members also need the Retrieve Accounts permission, which allows them to view and copy the account value in the Account Details page or the Accounts list. Therefore, the combination of Use Accounts and List Accounts will allow end users to log in to a remote machine transparently but not show or copy the password.

Reference:

1: Safe Members - CyberArk, section "Permissions"

2: Safes and Safe members - CyberArk, section "Safe members overview"

