Ping Identity Certified Professional - PingAccess PAP-001 Exam Practice Test

Page: 1 / 14
Total 70 questions
Question 1

Which two browsers are supported for the PingAccess Admin console? (Choose 2 answers.)



Answer : C, D

PingAccess officially supports Google Chrome and Microsoft Edge for the administrative console. Other browsers (Safari, Opera, Brave) may work but are not officially supported.

Exact Extract:

''The PingAccess administrative console is supported on current versions of Google Chrome and Microsoft Edge.''

Option A (Safari) is not officially supported.

Option B (Opera) is not supported.

Option C (Google Chrome) is correct.

Option D (Microsoft Edge) is correct.

Option E (Brave) is not officially supported.


Question 2

A change is made to the configuration that prevents user access to an application. No one claims to have made the change. Which log file should the administrator use to determine who made the change?



Answer : D

All administrative API calls that change PingAccess configuration are logged in pingaccess_api_audit.log. This allows administrators to track who made configuration changes.

Exact Extract:

''The pingaccess_api_audit.log file contains entries for all administrative API calls and is used to audit configuration changes.''

Option A (pingaccess.log) contains runtime system messages but not detailed API audit entries.

Option B (pingaccess_engine_audit.log) is specific to engine request/response audit logging.

Option C (pingaccess_agent_audit.log) is used for PingAccess Agent traffic auditing, not administrative changes.

Option D (pingaccess_api_audit.log) is correct --- it tracks admin API modifications.


Question 3

Where should an administrator adjust SameSite Cookie settings?



Answer : D

The SameSite attribute is applied to session cookies to control cross-site behavior. In PingAccess, session cookie configuration (including SameSite) is defined at the Web Session level.

Exact Extract:

''Web session configuration includes cookie attributes such as name, domain, secure flag, HTTPOnly, and SameSite.''

Option A (Rules) is incorrect --- rules govern access control, not cookies.

Option B (Sites) defines backend connections, not session cookies.

Option C (Applications) ties resources to sessions but does not define cookie behavior.

Option D (Web Sessions) is correct --- session cookie SameSite settings are configured here.


Question 4

Which two protocols does PingAccess use for authentication and authorization? (Choose 2 answers.)



Answer : D, E

PingAccess is designed to work with modern identity protocols. It does not support legacy WS-* protocols directly.

Exact Extract:

''PingAccess integrates with OAuth 2.0 and OpenID Connect (OIDC) to provide authentication and authorization for web and API resources.''

Option A (SAML) is incorrect --- PingAccess does not natively consume SAML assertions; SAML can be used indirectly via PingFederate.

Option B (WS-Fed) is not supported.

Option C (WS-Trust) is not supported.

Option D (OAuth2) is correct --- used for authorization and token validation.

Option E (OIDC) is correct --- used for user authentication and sessions.


Question 5

An administrator must onboard a new application from the application team. The application has multiple paths that will need different rules. What would be the first step in this process?



Answer : C

All onboarding in PingAccess begins with defining an Application. Once the application exists, the administrator can define Resources within it and assign different rules to those resources.

Exact Extract:

''Before you can configure resources and rules, you must first create an application in PingAccess.''

Option A (Identity Mapping) may be required later but not the first step.

Option B (Web Session) can be shared but is not the first onboarding step.

Option C (Application) is correct --- the starting point for onboarding.

Option D (Resource) comes after creating the application.


Question 6

A department has a requirement to protect anything in its application that resides in a folder named "escalated," no matter where that folder is in the path. Which path prefix should be used in this situation?



Answer : B

PingAccess supports flexible path matching for resources using wildcards. If the requirement is to match any path that contains a folder named 'escalated', the correct format is:

*/escalated/ matches any location of the escalated directory within the path.

Exact Extract:

''The asterisk (*) wildcard matches zero or more characters. Use it in resource paths to match folders at any depth.''

Option A (escalated/) only matches when the resource starts with ''escalated/'' at the root, not at arbitrary depth.

Option B (*/escalated/) is correct --- it matches the escalated folder no matter where it occurs.

Option C (*/escalated/+ ) is incorrect --- + is not a valid PingAccess wildcard operator.

*Option D (/escalated/) matches only when the path starts with ''escalated'' at the first level, not arbitrary positions.


Question 7

An administrator needs to configure an application that uses a backend web server that has its own authentication mechanism. Which type of object must be configured for PingAccess to provide access to the target server?



Answer : C

When a backend application requires its own authentication (e.g., Basic Auth or mutual TLS), PingAccess uses a Site Authenticator to inject the necessary credentials.

Exact Extract:

''Site Authenticators provide the credentials PingAccess uses when authenticating to target applications that require their own authentication mechanisms.''

Option A (Token Provider) is incorrect --- this is used for OIDC/OAuth tokens, not site-level authentication.

Option B (Web Session) manages end-user sessions, not backend site authentication.

Option C (Site Authenticator) is correct --- it handles authentication between PingAccess and the backend.

Option D (Access Control Rule) enforces authorization, not backend authentication.


Page:    1 / 14   
Total 70 questions