CyberArk PAM-DEF Übungsprüfungen
Zuletzt aktualisiert am 26.04.2025- Prüfungscode: PAM-DEF
- Prüfungsname: CyberArk Defender – PAM
- Zertifizierungsanbieter: CyberArk
- Zuletzt aktualisiert am: 26.04.2025
Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?
- A . Export Vault Data
- B . Export Vault Information
- C . Private Ark Client
- D . Privileged Threat Analytics
You receive this error:
"Error in changepass to user domainuser on domain server(domain.(winRc=5) Access is denied."
Which could be the cause?
- A . The account does not have sufficient permissions to change its own password.
- B . The domain controller is unreachable.
- C . The password has been changed recently and minimum password age is preventing the change.
- D . The CPM service is disabled and will need to be restarted.
Your organization has a requirement to allow only one user to "check out passwords" and connect through the PSM securely.
What needs to be configured in the Master policy to ensure this will happen?
- A . Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active
- B . Enforce check-in/check-out exclusive access = inactive; Require privileged session monitoring and isolation = inactive
- C . Enforce check-in/check-out exclusive access = inactive; Record and save session activity = active
- D . Enforce check-in/check-out exclusive access = active; Record and save session activity = inactive
You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.
Which security configuration should you recommend?
- A . Configure one-time passwords for the appropriate platform in Master Policy.
- B . Configure shared account mode on the appropriate safe.
- C . Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.
- D . Configure object level access control on the appropriate safe.
Which statement is true about setting the reconcile account at the platform level?
- A . This is the only way to enable automatic reconciliation of account passwords.
- B . CPM performance will be improved when the reconcile account is set at the platform level.
- C . A rule can be used to specify the reconcile account dynamically or a specific reconcile account can be selected.
- D . This configuration prevents the association from becoming broken if the reconcile account is moved to a different safe.
You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events.
Where must you update the group to allow this?
- A . in the PTAAuthorizationGroups parameter, found in Administration > Options > PTA
- B . in the PTAAuthorizationGroups parameter, found in Administration > Options > General
- C . in the SecurityEventsAuthorizationGroups parameter, found in Administration > Security > Options
- D . in the SecurityEventsFeedAuthorizationGroups parameter, found in Administration > Options > General
Which usage can be added as a service account platform?
- A . Kerberos Tokens
- B . IIS Application Pools
- C . PowerShell Libraries
- D . Loosely Connected Devices
In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to "Fast Forward" within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.
What could be the cause?
- A . Recording is of a PSM for SSH session.
- B . The browser you are using is out of date and needs an update to be supported.
- C . You do not have the "View Audit" permission on the safe where the account is stored.
- D . You need to update the recorder settings in the platform to enable screen capture every 10000 ms or less.
What do you need on the Vault to support LDAP over SSL?
- A . CA Certificate(s) used to sign the External Directory certificate
- B . RECPRV.key
- C . a private key for the external directory
- D . self-signed Certificate(s) for the Vault
Which command generates a full backup of the Vault?
- A . PAReplicate.exe Vault.ini /LogonFromFile user.ini /FullBackup
- B . PAPreBackup.exe C:PrivateArkServerConfVault.ini Backup/Asdf1234 /full
- C . PARestore.exe PADR ini /LogonFromFile vault.ini /FullBackup
- D . CAVaultManager.exe RecoverBackupFiles /BackupPoolName BkpSvr1