CAU201

Number: CAU201
Passing Score: 800
Time Limit: 120 min
File Version: 1

https://www.gratisexam.com/

Exam A

QUESTION 1
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted____________________.

A. the vault will not allow this situation to occur.
B. only those permissions that exist on the group added to the safe first.
C. only those permissions that exist in all groups to which the user belongs.
D. the cumulative permissions of all the groups to which that user belongs.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
It is possible to control the hours of the day during which a user may log into the vault.

A. TRUE
B. FALSE

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://isecurenet.net/wp-content/uploads/2016/06/user-sb-cyberark_privileged_threat_analytics-030916-final-en-web.pdf

QUESTION 3
Which utilities could you use to change debugging levels on the vault without having to restart the vault? Select all that apply.

A. PAR Agent
B. PrivateArk Server Central Administration
C. Edit DBParm.ini in a text editor.
D. Setup.exe

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
A Logon Account can be specified in the Master Policy.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval?

A. Create an exception to the Master Policy to exclude the group from the workflow process.
B. Edit the master policy rule and modify the advanced ‘Access safe without approval’ rule to include the group.
C. On the safe in which the account is stored grant the group the ‘Access safe without audit’ authorization.
D. On the safe in which the account is stored grant the group the ‘Access safe without confirmation’ authorization.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.reddit.com/r/CyberARk/comments/6270zr/dual_control_on_specific_accounts/

QUESTION 6
Which report provides a list of accounts stored in the vault?

A. Privileged Accounts Inventory
B. Privileged Accounts Compliance Status
C. Entitlement Report
D. Activity Log

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://techinsight.com.vn/language/en/privileged-account-security-solution-part-2/

QUESTION 7
Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

A. MinValidityPeriod
B. Interval
C. ImmediateInterval
D. Timeout

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which of the following files must be created or configured in order to run Password Upload Utility? Select all that apply.

A. PACli.ini
B. Vault.ini
C. conf.ini
D. A comma delimited upload file

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.reddit.com/r/CyberARk/comments/84gfsb/password_upload_utility_error/

QUESTION 10
Users can be restricted through certain CyberArk interfaces (e.g. PVWA or PACLI).

A. TRUE
B. FALSE

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
It is possible to restrict the time of day, or day of week that a reconcile process can occur.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which of the following options is not set in the Master Policy?

A. Password Expiration Time
B. Enabling and Disabling of the Connection Through the PSM
C. Password Complexity
D. The use of “One-Time-Passwords”

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability).

A. TRUE
B. FALSE

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
The System safe allows access to the Vault configuration files.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to change the root account’s password the CPM will…

A. Log in to the system as root, then change root’s password.
B. Log in to the system as the logon account, then change root’s password
C. Log in to the system as the logon account, run the su command to log in as root, and then change root’s password.
D. None of these.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

A. Configure the Provider to change the password to match the Vault’s Password
B. Associate a reconcile account and configure the platform to reconcile automatically.
C. Associate a logon account and configure the platform to reconcile automatically.
D. Run the correct auto detection process to rediscover the password.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
What is the maximum number of levels of authorizations you can set up in Dual Control?

A. 1
B. 2
C. 3
D. 4

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
In accordance with best practice, SSH access is denied for root accounts on UNIX/Linux systems.

What is the BEST way to allow CPM to manage root accounts?

A. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account of the target server’s root account.
B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server’s root account.
C. Configure the Unix system to allow SSH logins.
D. Configure the CPM to allow SSH logins.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

A. Discovery and Audit (DNA)
B. Auto Detection (AD)
C. Export Vault Data (EVD)
D. On Demand Privileges manager (OPM)
E. Accounts Discovery

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
A Reconcile Account can be specified in the Master Policy.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
SAFE Authorizations may be granted to _________________.

Select all that apply.

A. Vault Users
B. Vault Groups
C. LDAP Users
D. LDAP Groups

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
What is the purpose of a linked account?

A. To ensure that a particular collection of accounts all have the same password.
B. To ensure a particular set of accounts all change at the same time.
C. To connect the CPM to a target system.
D. To allow more than one account to work together as part of a password management process.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Linked-Accounts.htm

QUESTION 23
One can create exceptions to the Master Policy based on ____________________.

A. Safes
B. Platforms
C. Policies
D. Accounts

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/The-Master-Policy.htm

QUESTION 24
The vault supports Role Based Access Control.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Object-Level-Access-Control.htm

QUESTION 25
Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

A. Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.
B. Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.
C. Yes, if a logon account is associated with the root account.
D. No, it is not possible.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.reddit.com/r/CyberARk/comments/7zx8w5/ssh_connection/

QUESTION 26
A user with administrative privileges to the vault can only grant other users privileges that he himself has.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

A. Vault Admins
B. Security Admins
C. Security Operators
D. Auditors

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/Security-Configuration.htm

QUESTION 28
Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.freshers360.com/wp-content/uploads/2019/05/Privileged-Account-Security-Implementation-Guide.pdf

QUESTION 29
The Accounts Feed contains:

A. Accounts that were discovered by CyberArk in the last 30 days
B. Accounts that were discovered by CyberArk that have not yet been onboarded
C. All accounts added to the vault in the last 30 days
D. All users added to CyberArk in the last 30 days

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

A. PSM connections to target devices that are not managed by CyberArk.
B. Session Recording.
C. Real-time live session monitoring.
D. PSM connections from a terminal without the need to login to the PVWA.

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
When managing SSH keys, the CPM stores the Private Key

A. In the Vault
B. On the target server
C. A & B
D. Nowhere because the private key can always be generated from the public key.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Managing%20SSH%20Keys.htm

QUESTION 32
When managing SSH keys, the CPM stores the Public Key

A. In the Vault
B. On the target server
C. A & B
D. Nowhere because the public key can always be generated from the private key.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Managing%20SSH%20Keys.htm

QUESTION 33
Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/MESSAGES/Password%20Vault%20Web%20Access%20Messages-%20General.htm

QUESTION 34
Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

A. PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)
B. PSM for Windows (previously known as RDP Proxy)
C. PSM for SSH (previously known as PSM SSH Proxy)
D. All of the above

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
What is the primary purpose of Dual Control?

A. Reduced risk of credential theft
B. More frequent password changes
C. Non-repudiation (individual accountability)
D. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Dual-Control.htm

QUESTION 36
Time of day or day of week restrictions on when password verifications can occur are configured in ____________________.

A. The Master Policy
B. The Platform settings
C. The Safe settings
D. The Account Details

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Verifying-Passwords.htm

QUESTION 37
Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual Control requests?

A. HeadStartInterval
B. Interval
C. ImmediateInterval
D. The CPM does not change the password under this circumstance

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

A. Require dual control password access Approval
B. Enforce check-in/check-out exclusive access
C. Enforce one-time password access
D. Enforce check-in/check-out exclusive access & Enforce one-time password access

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PrivCloud/Latest/en/Content/Privilege%20Cloud/privCloud-master-policy-rules.htm

QUESTION 39
For a safe with Object Level Access enabled you can turn off Object Level Access Control when it is no longer needed on the safe.

A. TRUE
B. FALSE

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Object-Level-Access-Control.htm
